Job role overview
- Date posted: May 7, 2026
- Hiring location: Atlanta
Description
We’re looking for a hands-on Cloud Security Engineer who loves building, automating, and scaling security in modern cloud environments. In this role, you’ll help design secure-by-default cloud foundations across AWS and Azure, create paved-road patterns that engineering teams actually want to use, and codify guardrails so secure deployment becomes the default—not a bottleneck.
Success in this role means earning trust through automation. You’ll ensure every workload is observable, compliant, and resilient—without slowing innovation.
Responsibilities:
Architect & Automate Secure Cloud Foundations
- Design and maintain secure landing zones and paved-road templates across AWS and Azure (IAM, networking, encryption, logging, monitoring, backups, and key management).
- Build and maintain Infrastructure-as-Code (Terraform, ARM/Bicep, CloudFormation) with embedded security controls.
- Enforce guardrails via CI/CD policy gates and policy-as-code (OPA, Conftest, Terraform Sentinel).
- Implement and manage CSPM/CWPP tooling (e.g., Wiz, Prisma Cloud, Defender for Cloud) to detect misconfigurations and drift.
Secure Identity, Access & Network Boundaries
- Engineer least-privilege IAM and federated access across AWS IAM, Azure AD, and hybrid environments.
- Design zero-trust and private connectivity architectures (Private Link, VPC Peering, Transit Gateways, Azure Virtual WAN).
- Integrate secrets and key management (AWS KMS, Azure Key Vault) into developer workflows and pipelines.
- Establish scalable patterns for cross-account access, conditional access, and machine identities.
Defend, Detect & Respond
- Build and tune cloud-native detections using GuardDuty, Security Hub, Defender, Sentinel, and CloudTrail.
- Develop detection-as-code pipelines for alerts, thresholds, and response actions.
- Partner with SOC and IR teams to improve telemetry, context, and cloud-specific runbooks.
- Implement data protection controls for object and block storage.
Enablement, Governance & Risk
- Translate cloud security risks into clear, actionable engineering guidance.
- Act as a trusted advisor in architecture and design reviews.
- Drive continuous compliance (NIST 800-53, CIS, ISO 27001, SOC 2) through automation and evidence collection.
- Publish dashboards and metrics for security coverage and control health.
- Own triage and prioritization of cloud misconfiguration and vulnerability findings.
Qualifications
- 5+ years of hands-on Cloud Security Engineering experience across AWS and Azure.
- Strong experience with Infrastructure as Code (Terraform, Bicep, or CloudFormation).
- Deep knowledge of IAM, cloud networking, and encryption/key management.
- Experience with cloud-native security tools (Security Hub, GuardDuty, Defender, Sentinel) and CSPM platforms (Wiz, Prisma Cloud, Orca).
- Proven ability to embed security controls into CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins, GitLab, or Harness).
- Scripting experience (Python, PowerShell, or Bash).
- Practical experience with container (EKS/AKS), serverless, and m
work mode
23 days left to apply