Hotel EngineRemote
Staff Cloud Security Engineer
United States of America
Full Time
2 hours ago
$137,000 - $190,000 USD
H1B Sponsor Likely
Key skills
Cloud SecurityAWSGoogle Cloud Platform (GCP)IdentityAccess Management (IAM)Cloud ArchitectureCloud Security Posture Management (CSPM)Cloud-Native Application Protection Platform (CNAPP)Infrastructure-as-Code SecurityTerraformCloud DetectionResponseSecurity Compliance Frameworks SOC 2Security Compliance Frameworks PCIAI Cloud SecurityInfluenceAIGCPIAMPrismaLeadershipCommunication
About this role
Engine is a company transforming business travel into a personalized and rewarding experience. They are seeking a Staff Cloud Security Engineer to secure and scale their cloud environments across AWS and GCP, focusing on hardening cloud infrastructure and managing cloud security risks.
Responsibilities:
- Lead security hardening across AWS and GCP environments, including identity and access management, network segmentation, logging, monitoring, configuration hygiene, and secure cloud architecture patterns
- Own and mature Engine’s approach to identifying, prioritizing, and remediating cloud security risks
- Own the end-to-end lifecycle of Orca findings, including monitoring new alerts, triaging severity, identifying root cause, tracking remediation, and driving findings to closure with the appropriate technical owners
- Serve as a primary responder for cloud-specific security alerts
- Partner with teams using Terraform and related infrastructure-as-code workflows to review, improve, and harden cloud configurations before risk reaches production
- Help secure Engine’s expanding AI-related cloud footprint by identifying risks related to sensitive data, elevated IAM permissions, new service integrations, model/data access patterns, and infrastructure configurations
- Partner closely with infrastructure, platform, engineering, SecOps, and security leadership to move security work forward
- Collaborate with SecOps to improve cloud telemetry, cloud-specific detection logic, SIEM signal quality, and response workflows for threats such as credential abuse, lateral movement, misconfigured storage, and data exfiltration
- Build clear, actionable cloud security guidelines, guardrails, and best practices for engineering teams
Requirements:
- Deep hands-on experience securing modern cloud environments, especially AWS, with strong knowledge of cloud-native security controls, services, risks, and remediation patterns
- Experience with GCP security or the ability to quickly ramp in a multi-cloud environment spanning AWS and GCP
- Strong understanding of cloud IAM, privilege reduction, identity boundaries, service permissions, key management, and common access-control failure modes
- Ability to evaluate architecture decisions, identify systemic risk, and recommend scalable security patterns that balance risk reduction with engineering velocity
- Experience with cloud security platforms such as Orca, Wiz, Prisma Cloud, Lacework, or similar tools, including triage, prioritization, remediation tracking, and reduction of alert noise
- Hands-on experience reviewing and securing Terraform or other infrastructure-as-code configurations
- Experience investigating cloud security alerts and improving telemetry, logging, monitoring, and detection logic across cloud environments
- Proven ability to earn credibility with infrastructure, platform, and engineering teams through practical recommendations, clear communication, and strong technical depth
- Ability to assess complex, ambiguous cloud security issues, identify root causes, prioritize risk, and make sound decisions with incomplete information
- Experience building or improving cloud security standards, guardrails, operating rhythms, remediation processes, or security review practices
- Understanding of how AI workloads can expand cloud attack surface through sensitive data usage, elevated permissions, new integrations, and infrastructure complexity
- Familiarity with cloud security concepts as they relate to compliance frameworks such as SOC 2, PCI, or similar standards