Key skills
AWSCloudIAMCI/CDSnykPenetration TestingCloud Security
About this role
Role Overview
- Implement, maintain, and improve security controls across AWS environments.
- Support secure configuration of IAM, logging, monitoring, networking, and cloud services.
- Operate and improve vulnerability management processes across infrastructure, applications, containers, and dependencies.
- Triage security findings, assign ownership, track remediation, and drive closure with engineering teams.
- Support SAST, SCA, DAST, SBOM, and container security workflows using tools such as Snyk and AWS-native services.
- Help integrate security checks into CI/CD pipelines and development workflows.
- Track remediation of penetration testing findings and validate closure of high-priority issues.
- Support NIST 800-171 control implementation, evidence collection, and audit readiness activities.
- Maintain accurate documentation of security controls, risks, exceptions, and remediation progress.
- Support enterprise-grade security monitoring and incident response by leveraging centralized logging, alerting, and detection capabilities to identify, investigate, and respond to security events across the environment.
- Assist with security monitoring, alert triage, investigation, and incident response activities.
- Partner with Engineering, Platform, and IT teams to improve security processes without creating unnecessary friction.
- Contribute to repeatable DevSecOps practices across teams.
Requirements
- 5+ years of experience in security engineering, cloud security, application security, DevSecOps, or related roles.
- Strong hands-on experience with AWS security concepts and services.
- Experience with IAM, logging, monitoring, networking, and cloud security best practices.
- Experience with vulnerability management workflows and remediation tracking.
- Familiarity with application security tooling such as SAST, SCA, DAST, SBOM, and container scanning.
- Experience working with CI/CD pipelines and secure software delivery practices.
- Experience with enterprise security monitoring and incident response, including centralized logging, alerting, and investigation of security events.
- Ability to work directly with engineering teams to resolve security findings.
- Strong documentation, tracking, and follow-through skills.
- Highly self-motivated, practical, and able to operate in a fast-moving startup environment.
- Strong team player with demonstrated ability to take ownership and drive execution.
- Experience with NIST 800-171 or similar security/compliance frameworks is a plus.
Tech Stack
- AWS
- Cloud
Benefits
- Health insurance: Medical, Vision, Dental
- Flexible time off
- Maternity, Paternity & Parental Leave
- 401K Matching