EDZ Systems is seeking an experienced Cloud Application Security Engineer to support security engineering initiatives and enhance application security posture. The role involves implementing automated security controls, conducting assessments, and developing governance mechanisms for cloud and low-code/no-code platforms.
Responsibilities:
- Integrate, configure, and maintain Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), secrets detection, and Infrastructure as Code (IaC) scanning tools
- Conduct secure code reviews, static/dynamic analysis, and vulnerability assessments
- Perform threat modeling and application architecture security reviews
- Apply deep knowledge of OWASP Top 10, OWASP API Top 10, and SANS Common Weakness Enumeration to security findings and remediation recommendations
- Provide hands‑on engineering support for cloud security controls across AWS, Azure, and/or Google Cloud Platform (GCP)
- Design, implement, and validate security configurations for cloud‑hosted applications
- Assess Identity and Access Management policies, encryption configurations, secrets management, and endpoint-control integrations
- Guide teams on secure cloud-native architectures, including containers, Kubernetes, and serverless services
- Integrate security controls into CI/CD platforms such as Azure DevOps, GitHub, GitLab, and Jenkins
- Implement pipeline‑based security scanning (SAST/SCA/IaC/secrets)
- Build and optimize developer feedback loops and automated remediation workflows
- Provide expertise in DevSecOps tooling, GitHub Actions, GitLab CI, Azure Pipelines, and related automation frameworks
- Define and refine security guardrails for the Power Platform
- Establish environment strategies, connector restrictions, approval workflows, and secure release patterns
- Assist with remediation and governance of citizen-developed apps and automation
- Define and enforce security standards for agentic and AI‑driven application development, including systems using Large Language Models, autonomous agents, and AI‑assisted workflows (e.g., copilots, chatbots, RAG/knowledge assistants, agentic workflows, LLM threat models), by designing AI security guardrails and standards, validating security controls, and assessing AI-specific risks
- Assess and mitigate agent‑specific risks such as prompt injection, tool misuse, unintended autonomous actions, data leakage, and identity abuse
- Establish secure design patterns for agent runtimes, tool integrations, memory, and external system access, ensuring least privilege and clear trust boundaries
- Govern secure use of cloud identities, secrets, Application Programming Interfaces, and permissions used by agents and AI services
- Ensure AI‑generated code, scripts, and infrastructure artifacts are subject to appropriate security scanning, review, and approval prior to deployment
- Partner with Security Operations to improve application telemetry and logging
- Assist with investigations related to cloud-based application or pipeline security incidents
- Develop or update secure coding guidelines, cloud security standards, and operational runbooks
- Deliver training sessions on secure development, cloud security, CI/CD security, and DevSecOps patterns
- Provide documentation to ensure long-term maintainability and operational readiness
Deliverables:
- CI/CD security integrations (SAST, SCA, IaC, secrets detection)
- Threat models and secure architecture review documentation
- Cloud configuration security assessments
- Updated Power Platform governance documentation
- Vulnerability assessment summaries and remediation guidance
- API security and authentication patterns reference
- Automated workflows or scripts supporting security functions
- Updated policies or standards (as applicable)
- Runbooks for security tool operations
- Secure coding guidelines for cloud applications
- Knowledge transfer materials (slides, recordings, or written references)
- At least 1–2 sessions per major technical domain (e.g., CI/CD security, cloud security, LCNC governance, etc.)
- Developer‑focused secure coding education sessions
Requirements:
- Hands-on experience with AWS, Azure, and/or GCP security services, including design, implementation, and maintenance of cloud application security controls
- Strong understanding of application security vulnerabilities (OWASP Top 10, OWASP API Top 10, SANS CWE)
- Proven experience integrating security controls into CI/CD platforms such as Azure DevOps and GitHub
- Experience with DevSecOps tooling and pipeline automation, including GitHub Actions, GitLab CI, Jenkins, and Azure DevOps
- Proficiency with container and infrastructure security, including Docker, Kubernetes, Terraform, and CloudFormation
- Strong understanding of IAM, encryption, secrets management, and endpoint protection technologies
- Demonstrated ability to lead complex technical projects and deliver high-quality outcomes in fast-paced environments
- Exceptional analytical, problem‑solving, communication, and documentation skills
- Ability to collaborate effectively with cross-functional teams and influence secure design decisions
- Experience with cloud security platforms and software supply chain security patterns
- Experience securing Power Platform, LCNC tools, or AI/LLM‑enabled applications
- Expertise in serverless and microservices security
- Certifications such as CCSP, AWS Security Specialty, Azure Security Engineer, CISSP, OSCP, GWAPT, GCSA