Company is seeking a Cloud Security Engineer to join their growing security team. In this role, the engineer will be responsible for identifying, prioritizing, and tracking remediation of cloud misconfigurations across multi-cloud environments including AWS, Azure, and GCP.
Responsibilities:
- Operate the AutoCloud platform and complementary tooling to continuously identify and prioritize cloud misconfigurations across client AWS, Azure, and GCP environments
- Assess client environments against CIS benchmarks and PCI DSS control requirements, tracking findings through to remediation closure
- Prioritize findings by exploitability and attack path risk, translating technical findings into business-relevant language for client stakeholders
- Provide clear, actionable remediation guidance to client IT and security teams; track progress via the remediation dashboard
- Coordinate with the team to ensure cloud provider logs (AWS CloudTrail, Azure Monitor, GCP Cloud Logging) are properly connected, normalized, and feeding into Google Chronicle
- Support entitlement reviews, unused and service account analysis, and identity risk assessments across client identity stores
- Contribute to monthly vulnerability reports (PDF and Excel) covering compliance overviews, CSPM finding summaries, cloud posture trends, and historical aging tables
- Participate in standing meeting cadences and monthly/quarterly business reviews with client IT and security stakeholders to present findings and remediation progress
- Assist in assessing and transitioning client-side tooling during implementation, including evaluation of existing licenses and determining which tools are replaced, retained, or supplemented
- Execute all cloud-side remediation and configuration changes in accordance with client change management processes; all changes require client approval prior to execution
Requirements:
- 3+ years of experience in cloud security, cloud engineering, or a related discipline with hands-on exposure to at least two of: AWS, Azure, GCP
- Demonstrated experience with CSPM tooling (e.g., Prisma Cloud, Wiz, Orca Security, AWS Security Hub, or equivalent)
- Solid understanding of CIS Benchmarks and common cloud misconfigurations
- Experience with IAM concepts, entitlement reviews, and least-privilege enforcement in cloud environments
- Familiarity with PCI DSS control requirements as they relate to cloud infrastructure
- Ability to communicate technical risk clearly to both technical and non-technical audiences
- Experience contributing to written security reports and client-facing deliverables
- Strong organizational skills with the ability to manage concurrent client engagements and remediation tracks
- Experience with AutoCloud or comparable multi-cloud CSPM solutions
- Familiarity with Google Chronicle or other enterprise SIEM platforms
- Experience onboarding cloud provider logs into a SIEM
- Exposure to SCA tools such as Snyk, Trivy, or TruffleHog
- Background in DevSecOps — scripting, automation, or policy-as-code
- Experience in a managed security services provider (MSSP) environment
- Relevant certifications: AWS Security Specialty, Microsoft SC-300/AZ-500, GCP Professional Cloud Security Engineer, CCSP, or equivalent