Senior Cloud Security Engineer

Position Title:

Experience: 5

Location:

Hire Type:

Start Date:

About us:

Required Skills & Experience:

• 5–10 years of experience in information security, with at least 3+ years in cloud security engineering.
• Strong hands-on experience in AWS, and familiarity with Azure or GCP.
• Expertise in IAM, encryption, network security, logging, monitoring, and incident response within cloud environments.
• Proficiency with IaC (Infrastructure as Code) — Terraform, or CloudFormation.
• Experience with container and Kubernetes security (EKS, AKS, GKE).
• Practical experience with SAST, DAST, and SCA tools integrated into CI/CD.
• Strong knowledge of vulnerability management tools (e.g., AWS inspector, Trend Micro Cloud One).
• Understanding of Zero Trust principles and shared responsibility models.
• Familiarity with automation and scripting (Python, Bash, PowerShell).

Key Responsibilities:

• Architect and implement cloud security frameworks aligned with organizational policies, regulatory standards, and industry best practices.
• Design and enforce Identity & Access Management (IAM) strategies, including least privilege, role-based access, and federated identity integration.
• Implement and manage cloud-native security controls — AWS Guard Duty, Security Hub, Inspector, etc.
• Lead security assessments — perform threat modelling, risk analysis, and security reviews of cloud architectures and deployments.
• Integrate security into CI/CD pipelines (DevSecOps) using tools like GitHub Actions, Jenkins, Terraform, CloudFormation, and container security tools.
• Manage vulnerability management lifecycle — scanning, triaging, remediation, and verification.
• Define and implement network security controls — firewalls, WAFs, VPC segmentation, and private connectivity (Transit Gateway, Private Link, etc.).
• Monitor, detect, and respond to cloud security incidents using SIEM/SOAR tools (Splunk, Sentinel, CloudWatch, Trend Micro Vision One, etc.).
• Collaborate with application and infrastructure teams to embed security best practices throughout the SDLC.
• Perform regular compliance checks against benchmarks such HIPAA, SOC 2, etc.
• Conduct SAST/DAST reviews for cloud-hosted applications and work closely with development teams to address vulnerabilities.
• Mentor junior engineers and drive internal knowledge-sharing initiatives on cloud security topics.
• Stay current on emerging cloud security threats, zero-day vulnerabilities, and AI-driven attack trends.

www.dataunveil.com