Lead Cloud Security Engineer
Listed on 2026-07-06
-
IT/Tech
Cybersecurity, Cloud Computing: Infrastructure & Operations, Systems Engineer
Responsibilities
- Architect and enforce cloud security controls across AWS and Azure, including IAM policies, network segmentation, encryption, and logging configurations.
- Manage and optimize cloud security posture management (CSPM) and cloud workload protection (CWPP) tooling.
- Conduct cloud security assessments, identify misconfigurations, and drive remediation with engineering teams.
- Design and implement guardrails for Infrastructure-as-Code (IaC) pipelines (Terraform, Cloud Formation, Bicep) to prevent insecure deployments.
- Monitor and respond to cloud-specific threats, integrating cloud telemetry into SIEM and detection workflows.
- Evaluate and harden container and serverless architectures (EKS, ECS, Lambda, AKS, Azure Functions).
- Develop and maintain cloud security standards, reference architectures, and runbooks.
- Support incident response activities for cloud-based security events.
- Partner with Engineering and Application Development teams to embed security into CI/CD pipelines.
- Provide technical input on cloud security tooling decisions, vendor evaluations, and proof‑of‑concept testing.
- Stay current on cloud provider security features, emerging threats, and evolving compliance requirements (SOC2, ISO
27001, NISTCSF, PCIDSS as applicable).
- Education/
Certifications:
Bachelor’s degree in Computer Science, Information Security, Information Technology, or a related field. - Experience: 7+ years of progressive experience in information security, with at least 4 years focused on cloud security engineering.
- Knowledge, Skills, and Abilities:
- Deep hands‑on experience with both AWS and Microsoft Azure security services, including: AWS: IAM, Guard Duty, Security Hub, Cloud Trail, Config, KMS, VPC security, WAF, Organizations/SCPs;
Azure:
EntraID, Defender for Cloud, Azure Policy, Key Vault, NSGs, Azure Monitor, Sentinel. - Strong experience with cloud security posture management (CSPM) platforms (e.g., Wiz, Orca, Rapid7 Insight Cloud Sec , Crowd Strike Falcon Cloud Security).
- Working knowledge of Infrastructure-as-Code (Terraform, Cloud Formation, or ARM/Bicep templates) and securing IaC pipelines.
- Experience with container security (Docker, Kubernetes) and serverless security patterns.
- Capable of persuading non-security leaders by linking security initiatives to operational continuity, consumer trust, and compliance posture.
- Solid understanding of network security principles applied to cloud environments (VPCs, transit gateways, private endpoints, zero trust network architecture).
- Familiarity with CI/CD security integration and Dev Sec Ops practices.
- Ability to communicate complex technical concepts to both engineering peers and non-technical stakeholders.
- Collaborative approach to working across engineering, IT, and product teams.
- Deep hands‑on experience with both AWS and Microsoft Azure security services, including: AWS: IAM, Guard Duty, Security Hub, Cloud Trail, Config, KMS, VPC security, WAF, Organizations/SCPs;
- Other requirements: Required to be in the office at least three days a week;
Monday and Wednesday are mandatory; ability to manage and monitor major incidents during non-business hours.
- Certifications:
AWS Security Specialty, Azure Security Engineer Associate (AZ-500), CCSP, CISSP, or equivalent. - Experience with cloud detection and response (CDR) tooling and cloud-native threat detection.
Pay range: $ – $. Base pay may vary based on factors such as location, education, training, and experience. In addition to base pay, a comprehensive benefits package and 401(k) contribution are offered (eligible benefits subject to requirements). The position may participate in a short‑term incentive plan subject to applicable plans and policies.
Equal Opportunity EmploymentChamberlain Group is an Equal Opportunity Employer. All qualified applicants will receive consideration regardless of race, color, religion, sex, national origin, age, sexual orientation, ancestry, marital status, disability, veteran status, or any other protected characteristic. Individuals with disabilities who anticipate needing accommodations for any part of the application process may contact Staffing agencies or recruiters should not contact hiring managers directly.
#J-18808-Ljbffr(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).