Senior Security Engineer – Cloud & Data Security , NY

New York, NY

We are hiring a Senior, hands‑on Cloud Security Engineer to secure a large‑scale, cloud‑native SaaS platform. This is an engineering‑first role for someone who builds security solutions—not just manages tools.

You will be a SME for cloud security architecture across platform, IAM, network, workload, data, and AI enablement, and partner with Engineering, Security, and Product to implement scalable controls that support business growth. You’ll design secure architectures, embed controls into infrastructure‑as‑code, and build automated guardrails so teams can move fast without waiting on manual security approvals.

We’re looking for a builder‑defender who thrives in complex cloud environments, automates aggressively (“let the robots do the work”), and can scale cloud security for a fast‑moving SaaS company.

• Architectural Leadership: Partner deeply with infrastructure and engineering teams to embed security into development workflows, leading high‑level technical discussions to guide security efforts and strategic priorities.
• Multi‑Cloud Engineering: Design, implement, and continuously improve Sigma Cloud Security across AWS, GCP, and Azure environments with architect‑level technical depth.
• Threat Modeling & IR: Conduct cloud threat modeling and demonstrate hands‑on experience in Cloud Incident Response, including investigating and remediating malicious activity within cloud environments.
• Identity & Access: Build IAM and privileged access strategy (RBAC/ABAC, federation, least privilege, cross‑account access), eliminating standing privilege and long‑lived credentials. Develop and enforce IAM best practices, including zero‑trust models and privileged access controls across IaaS and SaaS.
• Drive cloud data security controls: including classification, encryption/KMS, masking/tokenization, access governance, retention/deletion, and exfiltration risk reduction across APIs and data pipelines.
• Develop automated remediation workflows: for recurring cloud misconfigurations, drift, and policy violations to reduce manual effort and response time.
• Security Stack Management: Deploy and manage cloud‑native services (CSPM, CNAPP, DSPM, SIEM, DLP, WAF, Kubernetes, and container security).
• Network Defense: Review and apply zero‑trust principles through strict network segmentation, authentication, and authorization.
• Automation: Develop sophisticated signatures/rules for cloud security and automate detection and response workflows.
• AI: Use AI securely and effectively to scale security practices and improve team efficiency.
• Continuous Evolution: Stay ahead of threats by leveraging intelligence, attack simulation, and red/blue team learnings.

• Minimum 7+ years in Security roles with at least 5+ years focused on Cloud security engineering, IAM, and Data security
• Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field.
• Deep technical expertise in cloud architectures AWS/Azure/GCP; including IAM, networking (VPCs, security groups, Private Link), and native security services is strongly desired.
• Strong infrastructure‑as‑code skills—you write Terraform professionally, not just read it.
• Advanced understanding and experience with container security, Kubernetes, and secure CI/CD pipeline design
• Proven ability to demonstrate incident response experience specifically related to cloud‑based malicious activity and breach remediation.
• Advanced Cloud IAM expertise: federation, SSO, PAM/JIT access, service identities, and least privilege design.
• Strong background in cloud network security (segmentation, private connectivity, egress controls, WAF).
• Strong proficiency in scripting languages (e.g., Python, Go, Power Shell) for automation, data analysis, and security tooling development.
• Strong knowledge of security platforms such as CNAPP (Wiz), WAF (Cloudflare), SASE (Netskope)
• Demonstrated ability to lead cloud/saas architecture reviews and influence senior engineering stakeholders.
• Experience securing data platforms (nice to have) - Snowflake, Databricks, Big Query etc.
• Experience in high‑growth SaaS or data platforms Organizations (nice‑to‑have)
• Prior experience in…