Cloud Security Engineer

Cloud Security Engineer

We are seeking a Cloud Security Engineer with deep AWS expertise to secure our cloud infrastructure, applications, and workloads. This role is responsible for designing and implementing security controls, ensuring compliance, and integrating security into Dev Ops and engineering workflows. The Cloud Security Engineer will play a key role in protecting AWS environments and driving best practices across the organization.

• Design and implement AWS security architectures aligned with compliance and best practices.
• Assess cloud security risks, enforce security policies, and support audits across AWS environments.
• Manage AWS Identity and Access Management (IAM), Organizations, and Control Tower to enforce least privilege and role‑based access controls.
• Deploy and manage AWS‑native security services such as Security Hub, Guard Duty, Macie, Inspector, WAF, and Shield.
• Configure and maintain encryption solutions (AWS KMS, Cloud
  
  HSM, ACM, Secrets Manager).
• Integrate AWS logging and monitoring (Cloud Trail, Cloud Watch, Config) with SIEM platforms for threat detection.
• Secure networks via AWS VPCs, Security Groups, ACLs, and Private Link.
• Work with Dev Ops to embed security in CI/CD pipelines using AWS‑native and third‑party tools.
• Automate security with Terraform, Cloud Formation, and scripting (Python, Bash, Power Shell).
• Apply container and Kubernetes security practices for AWS EKS, ECS, and Fargate environments.
• Conduct vulnerability assessments, penetration testing, and remediation in AWS environments.
• Drive compliance with CIS AWS Benchmarks, NIST, ISO 27001, SOC2, PCI‑DSS, and HIPAA frameworks.
• Develop and test incident response and disaster recovery plans for cloud systems.
• Train internal teams on cloud security risks, controls, and emerging best practices.

• 10+ years of IT/security experience with 4+ years focused on AWS cloud security.
• Strong knowledge of AWS‑native security tools (Guard Duty, Security Hub, Macie, Inspector, WAF, Shield, Cloud Trail, Cloud Watch).
• Proficiency in encryption and key management using AWS KMS, Cloud
  
  HSM, and ACM.
• Experience with Infrastructure‑as‑Code and automation (Terraform, Cloud Formation, Python, Bash, Power Shell).
• Skilled in container and serverless security (EKS, ECS, Fargate, Lambda).
• Knowledge of Zero Trust, identity federation, and RBAC in AWS environments.
• Experience with vulnerability scanning, penetration testing, and audit readiness in cloud environments.
• Familiarity with SIEM and SOAR tools, incident response, and forensic analysis in AWS.
• Experience with multi‑cloud environments (Azure, GCP) is a plus.
• AWS Security Specialty or equivalent certifications preferred (CISSP, Solutions Architect, Dev Ops Engineer).

• Strong problem‑solving mindset with the ability to act proactively in fast‑paced environments.
• Excellent communicator, able to explain security concepts to technical and business stakeholders.
• Team‑oriented collaborator who integrates security seamlessly into Dev Ops and engineering workflows.
• Dedicated to continuous learning, with a passion for emerging security technologies and threats.
• Ethical and business‑minded, balancing security best practices with operational needs.

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field preferred.
• Professional certifications such as CISSP, AWS Security Specialty, or equivalent strongly preferred.
• Proven track record of leading cloud security initiatives in regulated industries.

Momentum Financial Services Group welcomes applicants from all backgrounds, genders, and experiences. We are committed to maintaining an inclusive environment and ensuring equitable hiring practices.