Paxos is on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset in a trustworthy way. The Engineering Manager, Cloud Security will lead a team of security engineers to secure AWS and Kubernetes infrastructure, design Zero Trust architectures, and implement automated guardrails while ensuring a high-performing team culture.
Responsibilities:
- Lead, coach, and develop a team of cloud security engineers, including setting clear goals, providing ongoing feedback, and running performance reviews
- Own the security posture of our AWS and Kubernetes platforms, including multi-account AWS Organizations (SCPs, IAM, VPCs) and multi-cluster Kubernetes environments
- Drive the design and implementation of Zero Trust architectures, including identity-based perimeters, mTLS, network segmentation, and least-privilege access controls
- Partner with Platform, SRE, and Product Engineering teams to embed security into infrastructure roadmaps, CI/CD pipelines, and service architectures
- Establish and scale infrastructure as code and policy as code practices (e.g., Terraform/CDK, OPA/Kyverno) to build automated guardrails and reduce manual configuration
- Act as Incident Commander for high-severity security incidents and vulnerabilities (e.g., Log4j-style events), coordinating technical response, stakeholder communication, and post-incident reviews
- Own the security engineering roadmap for cloud and container security, balancing short-term risk reduction with long-term strategic investments
- Collaborate with Compliance, Risk, and Legal to maintain and improve our security posture relative to frameworks like SOC 2 and ISO, and to support customer and regulator inquiries
- Partner with leadership on headcount planning, hiring, and organizational design to ensure the Cloud Security team scales with the business
- Champion a culture of security across Paxos through education, documentation, and close collaboration, helping teams ship secure systems quickly and confidently
Requirements:
- 8+ years of engineering experience (software, infrastructure, or security), including time as an individual contributor security engineer working on cloud or application security
- At least 2–3 years of experience as an engineering manager, leading and developing security or infrastructure teams
- Proven experience securing production AWS environments at scale, including AWS Organizations, IAM, SCPs, VPC design, Transit Gateways, WAFs, and logging/monitoring
- Hands-on experience securing multi-cluster Kubernetes environments (e.g., network policies, admission controllers, service mesh, secrets management, runtime hardening)
- Strong fluency with Infrastructure as Code (Terraform or CDK); you view infrastructure as software and are comfortable driving code reviews, testing, and automation for infra changes
- Deep understanding of security architecture concepts, including Zero Trust, mTLS, identity-based perimeters, least privilege, and cloud hardening best practices
- Demonstrated experience leading incident response as an Incident Commander for major vulnerabilities or breaches, including coordinating cross-functional teams under pressure
- Proficiency in headcount planning, performance reviews, and mentorship, with a clear and thoughtful leadership philosophy you can articulate with examples
- Excellent communication skills, with the ability to explain complex security risks and trade-offs to both deeply technical engineers and non-technical stakeholders