Cloud Security Engineer (AWS Focused)

Job Summary

We are seeking a Cloud Security Engineer with deep expertise in AWS security to join our Information Security team. The ideal candidate will have a strong background in securing cloud environments, designing secure architectures, and implementing security best practices within AWS. This role is responsible for protecting our cloud infrastructure, ensuring compliance, and working closely with DevOps, Engineering, and Security teams to integrate security into cloud operations.

The Cloud Security Engineer will be responsible for assessing, developing, and implementing security controls across AWS services, ensuring the security of applications, workloads, and infrastructure deployed in the cloud.

Key Responsibilities

• Design and implement AWS security architectures that align with industry best practices and compliance requirements.
• Assess cloud security risks and enforce security policies across AWS environments.
• Manage and optimize AWS Identity and Access Management (IAM), AWS Organizations, and AWS Control Tower to enforce least privilege access controls.
• Implement and manage AWS security services, including AWS Security Hub, GuardDuty, Macie, Inspector, and WAF.
• Deploy and configure AWS-native encryption solutions, including AWS KMS, CloudHSM, and Secrets Manager for secure key and secret management.
• Integrate and manage AWS logging and monitoring tools, including CloudTrail, CloudWatch, Config, and SIEM integrations for threat detection.
• Ensure network security through secure configurations of AWS VPCs, Security Groups, Network ACLs, AWS Shield, and AWS PrivateLink.
• Work closely with DevOps teams to integrate security controls into CI/CD pipelines using AWS-native and third-party security tools.
• Automate security processes using Terraform, AWS CloudFormation, and Python/Bash scripting to enforce security best practices at scale.
• Implement container and Kubernetes security best practices using AWS EKS, ECS, Fargate, and container scanning solutions.
• Conduct security audits, vulnerability assessments, and penetration testing of cloud infrastructure.
• Ensure compliance with CIS AWS Benchmarks, NIST, ISO 27001, SOC2, PCI-DSS, HIPAA, and other regulatory frameworks.
• Develop and enforce incident response and disaster recovery plans for AWS environments.
• Educate and train internal teams on cloud security best practices and emerging threats.

Minimum Requirements (Must-Have)

• 4+ years of experience in cloud security, with a strong focus on AWS security.
• Hands-on experience securing AWS environments, including IAM, VPC, EC2, S3, RDS, Lambda, EKS, ECS, Fargate, CloudFront, and Route 53.
• Experience with AWS security services, including AWS Security Hub, GuardDuty, Macie, Inspector, WAF, Shield, CloudTrail, and CloudWatch.
• Strong understanding of network security concepts, including firewalls, VPNs, network segmentation, and DDoS mitigation in AWS.
• Knowledge of encryption, key management, and certificate management using AWS KMS, CloudHSM, and ACM.
• Experience implementing AWS-native security controls and automation using Terraform, CloudFormation, and scripting languages (Python, Bash, or PowerShell).
• Familiarity with container security best practices in AWS environments using EKS, ECS, and container scanning tools.
• Knowledge of Zero Trust security models, identity federation, and role-based access controls (RBAC) in AWS.
• Experience conducting cloud security audits, vulnerability assessments, and penetration testing.
• Strong understanding of compliance frameworks such as CIS AWS Benchmarks, NIST, ISO 27001, SOC2, PCI-DSS, and HIPAA.
• Strong problem-solving skills and the ability to work in a fast-paced environment.

Excellent communication skills, with the ability to work cross-functionally with security, engineering, and DevOps teams.