Sr Cloud Security Engineer - Cloud Cert; CISSP/GIAC EAST COAST ONLY

Volkswagen Financial Services is focused on developing fully autonomous mobility and transportation services. They are seeking a Senior Cloud Security Engineer to lead the strategy, design, and implementation of AWS security capabilities for autonomous vehicle development, ensuring the security of complex systems and high-value assets.

Responsibilities:

• Lead the design and evolution of secure AWS architectures across services such as Amazon VPC, Amazon EC2, Amazon EKS, and AWS Lambda
• Define and enforce enterprise-wide security standards for identity, network, data protection, and workload security using AWS IAM and AWS KMS
• Architect scalable, secure multi-account environments leveraging AWS best practices (e.g., landing zones, guardrails)
• Evaluate and introduce new security technologies and frameworks to enhance cloud security posture
• Drive security-by-design principles across all cloud and platform engineering initiatives
• Lead threat modeling, secure architecture reviews, and risk assessments for complex, distributed systems
• Establish and mature secure SDLC practices, integrating security into CI/CD pipelines at scale
• Oversee code reviews, security testing (SAST/DAST), and vulnerability management processes
• Ensure adherence to standards such as OWASP Top 10 and CWE/SANS Top 25
• Mentor engineering teams on secure coding, architecture patterns, and cloud-native security practices
• Lead enterprise vulnerability management strategy across cloud infrastructure and applications
• Perform advanced threat-centric assessments to identify systemic risks and architectural weaknesses
• Prioritize remediation efforts based on business impact and threat intelligence
• Ensure compliance with internal policies and external frameworks (e.g., SOC 2, ISO 27001, NIST)
• Partner with audit and compliance teams to streamline evidence collection and control validation
• Design and mature cloud detection and response capabilities using tools such as Amazon GuardDuty, AWS Security Hub, Amazon CloudWatch, and AWS CloudTrail
• Develop advanced detection rules, automate response workflows, and improve alert fidelity
• Lead and coordinate incident response for high-severity security events
• Conduct post-incident reviews and drive long-term remediation and resilience improvements
• Act as a strategic liaison between Security, DevOps, Platform, and Engineering leadership
• Influence architectural decisions and drive adoption of security best practices across teams
• Lead security initiatives, roadmap planning, and cross-functional projects
• Develop and deliver advanced security training and awareness programs
• Mentor junior engineers and contribute to building a strong security engineering culture

Requirements:

• 7 - 9 years of experience in technical aspects of cloud, applications, web or mobile
• 5+ years of experience in IT security function
• B.S. in Information Technology, Computer Science or equivalent work experience
• Exceptional communication skills
• Problem solving skills
• Analytical skills
• Conceptual thinking skills
• Integration - joining people, processes, systems
• Excellent presentation and writing skills
• Experience with cross-functional collaboration
• Ability to build and maintain strong ties in a multicultural environment
• Strong customer orientation
• Advanced hands-on experience with SIEM platforms for real-time monitoring, threat detection, and incident response, including: Splunk, Elastic Stack (ELK), or Sumo Logic
• Designing and implementing SIEM integrations with cloud-native services and Kubernetes environments
• Developing log aggregation strategies, correlation rules, and alerting mechanisms to detect misconfigurations, anomalous behavior, and unauthorized access
• Deep expertise in Infrastructure-as-Code (IaC) with a strong emphasis on scalable and secure design: Terraform (strongly preferred), AWS CloudFormation, AWS CDK
• Proven ability to enforce security guardrails and policy-as-code within IaC pipelines
• Extensive experience with cloud-native security platforms and posture management tools, such as: Wiz, Prisma Cloud, AWS: AWS Security Hub, Amazon GuardDuty, AWS Config, Azure: Microsoft Defender for Cloud, Microsoft Sentinel, GCP: Security Command Center, Forseti Security
• Strong architectural knowledge of cloud security fundamentals, including: Identity and Access Management (IAM) models (RBAC/ABAC) and least-privilege enforcement, VPC architecture, network segmentation, security groups, flow logs, and private endpoints, Encryption standards (TLS), key management (KMS), and secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager)
• Expertise in container and Kubernetes security, including: Pod security controls (Pod Security Policies, Pod Security Standards) and runtime security (e.g., Falco), Policy-as-code frameworks such as Open Policy Agent (OPA)/Gatekeeper, Kyverno, or KubeArmor, Secure image scanning and software supply chain security tools (e.g., Trivy, Grype, Snyk)
• Proven leadership in DevSecOps practices, including: Designing and implementing automated security testing, validation, and remediation within CI/CD pipelines, Driving secure-by-design principles across engineering teams
• Experience conducting cloud security assessments and audits, with the ability to: Identify risks, gaps, and misconfigurations, Deliver actionable remediation guidance aligned with compliance frameworks and incident response strategies
• Strong communication and cross-functional collaboration skills, with experience influencing engineering, DevOps, and platform teams
• Masters in Information Technology, Computer Science (or related education)
• Relevant cloud certifications, such as: AWS, Azure, or GCP Professional/Specialty certifications
• Industry-recognized security certifications, including: CISSP, GIAC, or equivalent advanced security credentials
• Nice-to-have domain expertise in areas such as data telemetry, V2X communications, or OTA infrastructure