SentinelOneRemote
Staff Cloud Security Engineer
United States of America
Full Time
9 hours ago
$184,000 - $235,000 USD
No H1B
Key skills
AIAgenticAWSAzureGCPTerraformKubernetesK8sEKSAKSGKEHelmCloudFormationIAMEntra IDOAuthCommunicationCloud Security
About this role
SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. As a Staff Cloud Security Engineer, you will be responsible for leading cloud-domain workstreams, validating cloud security findings, and conducting deep reviews across major cloud platforms.
Responsibilities:
- Lead Wayfinder Frontier AI Services cloud-domain workstreams end-to-end across customer engagements, proactive reviews, compromise assessments, and post-incident hardening
- Review and triage cloud security findings from our agentic scanning pipeline, validate true positives, eliminate noise, ground exploitability in the customer's actual cloud environment, and ensure every finding that reaches the customer is a decision they can act on
- Conduct deep IAM, network, and identity reviews across AWS, Azure, and GCP
- Lead cloud-native attack path discovery and document exposures and remediation
- Demonstrated ability to defend findings under pressure with senior customer stakeholders, excellent written and verbal communication is non-negotiable for this role
- Maintain continuous awareness of cloud-native attack techniques, pure-cloud ransomware, Entra, K8s attacks, OAuth-app abuse, etc
Requirements:
- 7+ years in cloud security or cloud-focused application/infrastructure security, with a hands-on engineering background
- Proven track record translating complex findings into technical and executive-level debriefs
- Excellent written and verbal communication is essential
- Deep AWS expertise; IAM, STS, Organizations, SCP, GuardDuty, CloudTrail, EKS, IRSA, and demonstrated ability to map cross-account attack paths
- Azure expertise; Entra ID, Conditional Access, RBAC, Activity Logs, Defender for Cloud, AKS, Workload Identity, including cross-tenant and hybrid-identity attack patterns
- Working knowledge in GCP, IAM, Org Policy, Audit Logs, GKE Workload Identity
- Working knowledge of cloud-native runtime security, eBPF telemetry, container runtime behavior, and how to spot a workload doing something it shouldn't
- Kubernetes security at depth (RBAC, admission control, OPA/Gatekeeper, PSS) and IaC review across Terraform, Helm, CloudFormation, and Bicep
- Comfortable triaging output from AI-assisted cloud-posture and attack-path tools, able to separate risk from noise
- Cloud incident response and log forensics experience across at least two major cloud providers