Classified is seeking a Senior Cloud Security Engineer to design, implement, and enforce security controls across distributed, cloud-native environments. This role involves hands-on responsibilities at the intersection of cloud architecture, DevSecOps automation, IAM, and compliance to ensure a secure cloud infrastructure.
Responsibilities:
- Design secure-by-default architectures across AWS, GCP, and/or Azure
- Define security reference architectures for microservices, containers, and serverless systems
- Conduct architecture reviews to ensure alignment with best practices
- Establish guardrails aligned to Zero Trust principles
- Act as a security advisor to infrastructure and application teams
- Architect least-privilege access models (RBAC/ABAC)
- Implement just-in-time access and session controls
- Secure service-to-service authentication using workload identity and federated access
- Integrate SSO, MFA, and identity federation
- Conduct access reviews and privilege audits
- Embed security controls into CI/CD pipelines
- Implement automated scanning for code, containers, and IaC
- Integrate Terraform/CloudFormation/ARM security checks
- Build automated deployment guardrails
- Shift security left through templates and developer enablement
- Secure EKS, GKE, and/or AKS clusters
- Enforce pod security standards and network policies
- Harden container images and registries
- Implement runtime threat detection
- Secure secrets and admission controls
- Design segmented VPC/VNet architectures
- Implement private endpoints and Zero Trust networking
- Secure ingress/egress with WAFs, firewalls, and API gateways
- Monitor and remediate misconfigurations via CSPM
- Implement logging, monitoring, and alerting for cloud security events
- Integrate telemetry into SIEM/SOAR platforms
- Lead cloud-related incident investigations
- Conduct root cause analysis and drive remediation
- Lead cloud vulnerability programs across infrastructure and containers
- Implement dependency and secret scanning
- Prioritize remediation based on risk
- Partner with engineering to track findings
- Support SOC 2, ISO 27001, PCI DSS, HIPAA, and GDPR initiatives (as applicable)
- Define cloud security policies and standards
- Participate in audits and risk assessments
- Ensure automated evidence collection where possible
- Partner with Infrastructure, Platform, SRE, and Application teams
- Provide security guidance during design and delivery
- Mentor junior engineers and elevate security maturity
Requirements:
- 7–12+ years in security engineering with strong cloud focus
- Deep hands-on experience in AWS, GCP, or Azure (multi-cloud preferred)
- Strong knowledge of IAM, networking, and shared responsibility models
- Experience implementing DevSecOps automation
- Proficiency in Python, Go, Bash, or similar
- Experience securing Kubernetes at scale
- Zero Trust architecture experience
- Cloud security certifications (AWS Security Specialty, GCP Professional Cloud Security Engineer, Azure Security Engineer Associate)
- Experience in regulated or high-growth environments
- Familiarity with AI/ML platform security