Job
Description
We are looking for a skilled Cloud Security Engineer to serve as our subject matter expert for Palo Alto Prisma Cloud. You will be the primary owner responsible for designing, implementing, assessing and managing cloud security strategy using the Prisma platform to protect multi-cloud environments. Your expertise will be critical in ensuring continuous compliance, automating security controls, and preventing cloud-native threats.This is a strategic, hands-on role that bridges the gap between the security team and cloud engineering, requiring a good understanding of both cloud architecture and security principles. Key Responsibilities
Prisma Cloud Strategy & Architecture:
Serve as the technical owner and SME for the entire Palo Alto Prisma Cloud suite.Architect, deploy, and optimize Prisma Cloud across our Multi-cloud environments to provide comprehensive visibility and protection.Design and implement a "Shift-Left" security strategy by integrating Prisma Cloud into CI/CD pipelines (DevSecOps).Manage the entire lifecycle of the Prisma Cloud platform, including policy management, access controls, and system health.
Review least privilege & MFA across cloud assets
Cloud Security Posture Management (CSPM):
Develop, customize, and maintain compliance frameworks within Prisma Cloud CSPM to enforce security benchmarks (e.g., CIS, NIST, PCI-DSS).Proactively identify, prioritize, and remediate cloud misconfigurations and compliance violations across IaaS, PaaS, and SaaS.Create detailed reports and dashboards for leadership and auditors, demonstrating the effectiveness of our cloud security controls.Review cloud security strategy & governance, Define cloud security baselines.
Cloud Workload Protection (CWP) & Code Security:
Implement and manage Prisma Cloud CWP to provide runtime protection for workloads and containers.Configure agent-based and agentless protection strategies for virtual machines, containers, and serverless functions.Utilize Prisma Cloud's code security capabilities (IaC Scanning) to scan infrastructure-as-code templates (Terraform, CloudFormation, ARM) for security issues before deployment.Lead the response to cloud workload security alerts, performing investigation and remediation.
Cloud Network Security & Identity Analytics:
Leverage Prisma Cloud's network security features to visualize traffic flows, detect network-based threats, and enforce micro-segmentation policies.Utilize Cloud Identity Analytics (CNAPP) to monitor identity and access configurations, detecting risky entitlements and anomalous user behavior.
Automation & Integration:
Automate remediation actions by integrating Prisma Cloud with SOAR platforms (e.g., Cortex XSOAR), ticketing systems, and cloud provider-native services.Develop scripts (Python, Python, or Terraform) to automate security tasks and enforce governance.
Collaboration & Leadership:
Partner with Cloud, DevOps, and Application Development teams to embed security into the development lifecycle.Mentor junior cloud security analysts and engineers.Stay current with emerging cloud threats, attacker TTPs (Tactics, Techniques, and Procedures), and new features within the Prisma Cloud platform.
Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications & Experience
5+ years of experience in cybersecurity, with at least 3 years focused specifically on cloud security. 2+ years of direct, hands-on experience with Palo Alto Prisma Cloud in a production, multi-cloud environment.Proven experience in deploying, configuring, and managing core Prisma Cloud modules (CSPM, CWP, IaC Security).Good hands-on experience with at least one major cloud provider (AWS, Azure, or GCP), including a deep understanding of their native security services and IAM models.Proficiency in infrastructure-as-code (IaC) tools like Terraform, CloudFormation, or ARM Templates.Scripting or programming skills (e.g., Python, Python, Go) for automation.
Preferred technical and professional experience Preferred Qualifications any of:
At least one Palo Alto Networks certification Require: PCCSE (Cortex Certified Security Engineer) PCCET (Prisma Certified Cloud Entry-level Technician) PCCSP (Prisma Certified Cloud Security Professional) -Highly DesiredCloud provider certifications (e.g., AWS Certified Security – Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer).Experience integrating Prisma Cloud with CI/CD tools (e.g., Jenkins, GitLab, GitHub Actions).Familiarity with container and Kubernetes security principles.Excellent problem-solving and communication skills, with the ability to articulate complex security risks to technical and non-technical stakeholders.
