Cloud Security Engineer, Sr

Overview

Old National Bank has been serving clients and communities since 1834. With over $70 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve. As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving.

Old National Bank seeks an experienced Cloud Security Engineer with deep expertise in AWS and Azure security services, infrastructure as code, identity and access management, and leading third‑party security tools. The ideal candidate has hands‑on experience designing, implementing, and maintaining security controls across multi‑cloud environments, as well as embedding security into the software development lifecycle (SSDLC) using Infrastructure as Code (IaC) through Terraform and CI/CD automation.

This role requires strong technical acumen, a proactive security mindset, and the ability to collaborate effectively across Info Sec, platform engineering, data engineering, and application development teams.

The salary range for this position is $98,400.00/Yr.

- $/Yr. The base salary indicated for this position reflects the compensation range applicable to all levels of the role across the United States. Actual salary offers within this range may vary based on a number of factors, including the specific responsibilities of the position, the candidate’s relevant skills and professional experience, educational qualifications, and geographic location.

• Design, implement, and maintain secure landing zones across AWS and Azure, using preventive guardrails to block deployment of security misconfigurations.
• Leverage cloud‑native security services such as:
  • AWS: IAM, KMS, Secrets Manager, Service Control Policies, Security Hub, Guard Duty, Cloud Trail, Config, WAF, Inspector, etc.
  • Azure:
    Azure AD, Defender for Cloud, Key Vault, Security Center, Sentinel, Policies, etc.
• Develop and enforce cloud security baselines, guardrails, and configuration standards.
• Support the creation and refinement of cloud control narratives that assert the security posture of our cloud landing zones.
• Implement deep observability to unify logs and metrics across multiple services to derive both real‑time and historical insights.

• Develop, manage, and engage in code review of complex IAM policies that define cross‑account access patterns, ensuring adherence to the Principle of Least Privilege.
• Implement Just‑in‑Time access workflows that avoid long‑lived credentials.
• Support emerging use cases for cloud with bespoke IAM identity and policies that maintain security posture and data privacy.

• Utilize enterprise security tools such as Tenable, Qualys, and Snyk to:
  • Identify, prioritize, and remediate vulnerabilities across cloud workloads.
  • Track and report security posture improvements.
  • Integrate automated scanning into CI/CD pipelines.

• Embed security early in the Secure Software Development Lifecycle (SSDLC).
• Partner with development teams to implement automated security testing.
• Integrate SAST, SCA, and IaC scanning tools into CI/CD pipelines.

• Write, review, and maintain Terraform configurations for cloud resource deployment.
• Implement automated security controls and monitoring via IaC.
• Build and maintain secure‑by‑default Terraform modules that enforce least privilege, encryption, and compliance requirements.

• Develop and fine‑tune cloud security monitoring using native and third‑party tools.
• Assist in cloud‑focused incident management/response, log analysis, forensics, and root‑cause investigations.
• Develop detective, preventive, and proactive controls to identify, prevent, and remediate security misconfigurations and anomalous activity.

• Ensure cloud environments align with frameworks such as NIST, CIS Benchmarks, SOC2, and ISO
  27001.
• Perform continuous compliance checks…