Design, implement, and operate cloud security controls across production and internal environments (primarily AWS).
Own cloud posture management workflows (risk-based triage, exception handling, and automated remediation).
Build and maintain secure-by-default templates and modules (standards, defaults, account structure, secret management, segmentation).
Embed policy-as-code and IaC security controls into CI/CD (PR checks, drift detection) to prevent misconfigurations.
Reduce external and cloud risk by:
Own attack surface discovery/governance and baseline edge protections (e.g., WAF/rate limiting).
Drive automation for triage/remediation and operational efficiency by reducing repeat misconfigurations/toil (triage, routing, dedupe, validation, reporting).
Standardize cloud logging/telemetry and ensure it integrates cleanly into detection/IR workflows.
Work cross-functionally with Product, IT, DevOps, and Engineering to drive best practices and improve baseline security across the whole org.
Create pragmatic documentation, runbooks, and enablement materials that help teams self-serve safely.
Support cloud/edge incident response: containment playbooks, root cause, and follow-up fixes.
Lead design reviews and threat models for platform/infrastructure (networking/segmentation, service-to-service access, secrets/encryption, logging/monitoring).
Drive continuous improvement of processes, procedures, and tools used across the security engineering organization.
Requirements
5+ years combined experience in software engineering, infrastructure/platform engineering, and/or security engineering (with meaningful cloud/platform depth).
Strong understanding of securing distributed, cloud-native, high-availability environments.
Hands-on AWS experience: designing and operating secure systems (networking, IAM boundaries, logging/monitoring, encryption, service architectures).
Experience with Infrastructure-as-Code (Terraform preferred).
Ability to build and maintain tools/automation (Python preferred; strong engineering fundamentals required), including working effectively in Git-based workflows (branching strategies, PRs/code review, CI/CD integration, and resolving merge conflicts).