HCI Systems, IncRemote
Cloud Security Engineer
United States of America
Full Time
6 days ago
$110,000 - $140,000 USD
No H1B
Key skills
AWSAzureGCPTerraformKubernetesAnsibleECSEKSCloudFormationEC2S3RDSIAMPrismaOktaSplunkGitLabServiceNowJiraCommunicationTrivyCloud Security
About this role
Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation. They are seeking a Cloud Security Engineer to focus on day-to-day security engineering, including system hardening, vulnerability remediation, and security tool management across AWS environments.
Responsibilities:
- Perform systems administration and maintenance including patching, vulnerability scanning, compliance scanning and remediation, backups, and recovery for cloud workloads
- Primarily support AWS environments, including Windows and Linux virtual machines, container workloads, and cloud-native services such as EC2, EBS, S3, RDS, EKS, ECS, IAM, CloudTrail, GuardDuty, Security Hub, WorkSpaces, and related AWS security services
- Support GCP and Azure cloud environments as needed, including compute, storage, identity, and containerized workloads
- Configure, update, and maintain security tools for endpoint protection, log collection, vulnerability scanning, compliance monitoring, and cloud security posture management (CSPM)
- Troubleshoot issues across network, compute, application, and identity layers by reviewing logs, collecting data, and analyzing system behavior
- Implement hardening and compliance controls using CIS Benchmarks, DISA STIGs, and FedRAMP requirements
- Remediate vulnerabilities identified by tools such as Tenable, Trivy, OpenSCAP, Anchore, Prisma Cloud/Twistlock, and similar security platforms
- Provide quality assurance feedback during system deployments to ensure architecture meets compliance and operational requirements
- Collaborate with Security Analysts to ensure uninterrupted delivery of security services to customers
- Create and maintain documentation including network diagrams, dataflow diagrams, SOPs, and security tool configuration guides
- Support client communications, deliverables, and issue resolution with strong verbal and written communication skills
- Support and mentor junior engineers as needed
- Contribute to automation and infrastructure-as-code initiatives supporting secure cloud operations and continuous compliance
- Serve as primary or backup on‑call engineer during assigned rotation
- Respond to after‑hours security alerts, infrastructure incidents, outages, and ConMon events
- Perform initial triage, containment, and stabilization using established runbooks
- Investigate and respond to alerts generated
- Escalate complex issues to senior engineers, architects, or compliance teams
- Document incidents, actions taken, and recommended improvements
- Contribute to automation improvements and runbook enhancements
Requirements:
- Six (6) or more years of IT engineering and/or cybersecurity experience, with at least three (3) years working in a dedicated cloud security engineering or similar position
- Strong hands-on experience supporting AWS environments in a security engineering, cloud operations, or DevSecOps capacity
- Experience securing and supporting AWS-native services and cloud security tooling, including IAM, logging/monitoring, vulnerability management, container security, and cloud compliance
- Familiarity with GCP and/or Azure cloud environments and the ability to support multi-cloud environments as needed
- Ability to diagnose and resolve issues across Linux and Windows systems, network infrastructure, and cloud services
- General systems administration and vulnerability management experience, including system patching and hardening, identity and access management (IAM), and related tasks
- Experience working in a DevSecOps environment, integrating security practices into cloud and infrastructure workflows
- Experience with cloud-native security tooling and monitoring solutions
- Familiarity with ITSM ticketing systems such as GitLab (preferred), Jira, ServiceNow, etc
- Ability to work independently during both business hours and on-call periods
- Strong written and verbal communication skills for customer interaction and incident documentation
- Hands‑on experience with one or more of the following tools: Splunk Enterprise, Tenable Security Center/Nessus, Invicti/Acunetix, Appgate, Okta, GitLab, Palo Alto Networks Firewalls, TrendMicro Deep Security, Trivy, Anchore, Terraform, CloudFormation, Ansible
- Bachelor's Degree in Computer Science or other relevant field
- Experience supporting federal/government-facing customers or consulting engagements, ensuring compliance and operational requirements
- Experience with FedRAMP, FISMA, or NIST 800-53 compliance frameworks
- Prior on-call, SRE, SOC, or incident response experience
- Relevant AWS certifications such as AWS Certified Security – Specialty, Solutions Architect, or SysOps Administrator
- Security+ or other relevant industry security certification
- Experience with infrastructure-as-code or automation tooling
- Experience with Kubernetes and container security is highly desirable