Key skills
AWSGCPTerraformIAMPrismaCI/CDLeadershipCloud Security
About this role
Xapo Bank is a fully distributed team committed to economic freedom and wealth protection. They are seeking a seasoned Principal Cloud Security Engineer to secure their cloud-native infrastructure and services across AWS, GCP, and other environments, ensuring a security-first approach in their global digital banking and crypto platform.
Responsibilities:
- Architect, implement, and maintain cloud security controls across AWS and GCP to protect our infrastructure, applications, and data
- Take full ownership of security projects, driving them from initial concept through development, testing, and deployment
- Review, write and deploy infrastructure-as-code (IaC) security solutions using Terraform
- Continuously assess cloud environments using Cloud Security Posture Management (CSPM) platforms like Wiz
- Support monitoring, detection, and response for cloud threats by integrating with tools such as AWS GuardDuty, Security Hub, and GCP Security Command Center
- Participate actively in incident response and forensic analysis for cloud-related security events
- Collaborate with cross-functional teams to perform threat modeling and secure architecture reviews for new services and infrastructure changes
- Help reinforce a security-first culture by sharing best practices and participating in awareness initiatives
Requirements:
- 5+ years of experience in cloud security engineering, DevSecOps, or related infrastructure security roles
- Demonstrable expertise in securing cloud environments (especially AWS and/or GCP)
- Strong hands-on experience with securing AWS and/or GCP environments (IAM, VPCs, workload protection, encryption, etc.)
- Proficiency in Terraform, with a focus on building and enforcing secure cloud infrastructure
- Solid experience with cloud-native security tools and CSPM solutions like Wiz, Prisma Cloud, or Orca Security
- Familiarity with security frameworks and standards (e.g., NIST, CIS, ISO) and their practical application in cloud environments
- Familiarity with container security concepts
- Solid grasp of DevSecOps principles, with proven experience integrating security into CI/CD pipelines and operational processes
- Excellent problem-solving abilities, with a proactive mindset and the capability to adapt to new challenges in dynamic environments
- A dedicated workspace
- A reliable internet connection with the fastest speed possible in your area
- Alignment with Our Values and the Xapo Values-Driven Leadership principles
- Relevant certifications are a plus, such as: AWS Certified Solutions Architect, AWS Certified Security – Specialty, Google Professional Cloud Security Engineer, Other recognized cloud security certifications