Cloud Security Engineer

The Nuclear Company is the fastest growing startup in the nuclear and energy space creating a never before seen fleet‑scale approach to building nuclear reactors. Through its design‑once, build‑many approach and coalition building across communities, regulators, and financial stakeholders, The Nuclear Company is committed to delivering safe and reliable electricity at the lowest cost, while catalyzing the nuclear industry toward rapid development in America and globally.

The Nuclear Company is searching for a Cloud Security Engineer to help secure the AWS cloud infrastructure, network architecture, identity systems, and deployment platforms that power our Nuclear Operating System, internal engineering platforms, data environments, and mission‑critical business systems.

This is a high‑ownership role for a hands‑on security builder who is equally comfortable designing AWS account architecture, reviewing Terraform, hardening VPC and transit‑network patterns, building IAM guardrails, debugging cloud logs, and partnering directly with engineers to ship secure infrastructure quickly.

You will work across cybersecurity, infrastructure, product engineering, platform engineering, data science, and operations to embed security into the way we design, deploy, monitor, and operate AWS‑based systems. You will help define secure cloud architecture, implement security controls as code, build scalable guardrails, and support the security expectations of a regulated, high‑consequence infrastructure company.

This role reports into Senior Manager for Application and Product Security.

• Own and improve the security architecture for AWS environments that support The Nuclear Company’s engineering, product, data, and business systems.
• Design and implement secure multi‑account AWS patterns using AWS Organizations, service control policies, identity federation, account baselines, network segmentation, and centralized logging.
• Establish cloud‑security standards for IAM, encryption, secrets management, logging, backup, data protection, workload isolation, and incident response.
• Partner with software developers and platform engineers to review and harden cloud‑native services, including compute, storage, networking, databases, serverless workloads, containers, and managed AWS services.
• Translate business, engineering, and regulatory requirements into practical AWS security controls that can scale with the company.

• Build and maintain least‑privilege access models for human users, workloads, service accounts, CI/CD systems, and third‑party integrations.
• Harden AWS IAM, IAM Identity Center, role assumption patterns, permission boundaries, resource policies, and cross‑account access.
• Reduce long‑lived credentials, standing privileges, orphaned access, and excessive permissions across AWS environments.

• Design and review secure AWS network architectures, including VPCs, subnets, routing, security groups, NACLs, transit gateways, private connectivity, VPNs, Direct Connect, Private Link, VPC endpoints, egress controls, and network inspection patterns.
• Implement and improve protections for internet‑facing and internal services, including WAF, DDoS protection, load balancers, API gateways, DNS, TLS, and edge controls.
• Partner with infrastructure teams to define secure network segmentation between development, staging, production, corporate, partner, and sensitive data environments.

• Build security controls as code using Terraform, CDK, Cloud Formation, policy‑as‑code, CI/CD checks, and automated remediation.
• Review infrastructure‑as‑code changes for security risks before they reach production.
• Establish paved roads for engineers through secure Terraform modules, reusable cloud patterns, baseline account templates, and documented deployment standards.

• Build and improve cloud detection and response capabilities using AWS‑native and third‑party tooling, including Cloud Trail, Guard Duty, Security Hub, Config, VPC Flow Logs, Cloud Watch,…