Cloud and AI Security Engineer

Cloud & AI Security Engineer

Bausch + Lomb is seeking a Cloud & AI Security Engineer to implement, operate, and maintain security controls that protect our cloud platforms and AI‑enabled workloads. This is a hands‑on engineering role focused on executing well‑defined security patterns and controls across cloud infrastructure, identity, and data protection, while partnering with IT, Dev Ops, data, and application teams to embed security into day‑to‑day delivery.

• Implement and maintain cloud security controls across one primary cloud platform (AWS, Azure, or GCP), including identity, network configuration, logging, monitoring, and guardrails.
• Configure and operate cloud security monitoring and posture management tools (e.g., CSPM / workload protection) to identify misconfigurations, vulnerabilities, and risky behavior, and coordinate remediation with engineering teams.
• Support secure configuration of cloud services (e.g., storage, managed databases, PaaS services, serverless) by applying approved security baselines and patterns.
• Assist with secure design reviews for cloud workloads and provide practical implementation guidance to infrastructure and application teams.

• Implement security controls for AI/ML platforms and GenAI services by applying established requirements for data protection, access controls, and monitoring.
• Support security reviews of AI solutions to reduce common risks (e.g., data exposure, over‑permissive access, insecure integrations) and coordinate remediation actions with responsible teams.
• Help protect sensitive data used by AI systems through encryption, key management, data classification, and DLP controls aligned to approved standards.

• Implement and maintain IAM controls in cloud environments, including role‑based access, least privilege, and access lifecycle practices.
• Support privileged access management (PAM) operations such as onboarding privileged accounts, enforcing controls, and assisting with audits/recertifications as needed.
• Assist with implementation of authentication and authorization controls (MFA, SSO, OAuth/OIDC/SAML) in partnership with platform teams.
• Build or enhance automation scripts (Python, Power Shell, Bash) to reduce manual effort in security operations (e.g., checks, reporting, configuration validation).
• Document configurations, runbooks, and standard operating procedures; participate in improving repeatable security processes.

• Bachelor’s degree in Information Security, Computer Science, Engineering, or related field, or equivalent practical experience.
• 3+ years of experience in security engineering, cloud security, or related engineering roles.
• Hands‑on experience implementing security controls in at least one major cloud platform (AWS, Azure, or GCP).
• Familiarity with cloud security concepts (shared responsibility model, logging/monitoring, identity controls).
• Working knowledge of IAM and privileged access concepts; experience supporting IAM/PAM tooling is a plus.
• Experience with data protection fundamentals (encryption, key management/KMS, data classification).
• Ability to write basic automation scripts (Python/Power Shell/Bash) and work effectively across engineering teams.

• Exposure to AI/ML or GenAI services security controls (e.g., Azure OpenAI, AWS Bedrock, Vertex AI).
• Familiarity with CSPM tools and cloud logging/monitoring workflows.
• Exposure to Infrastructure-as-Code (Terraform/Cloud Formation/ARM) and CI/CD pipelines.
• Exposure to containers/Kubernetes security concepts.
• Security certifications are a plus (CCSP, AWS/Azure security certs, Security+).