Lead Cloud Security Engineer

Job Summary

We are seeking a Lead Cloud Security Engineer to design, implement, and maintain a secure, scalable, and resilient cloud infrastructure.

This role focuses on strengthening access control, threat detection, data protection, and compliance in AWS and/or Azure environments.

The ideal candidate will have expertise in cloud-native security tools, automation, and DevSecOps integration while collaborating with cross-functional teams to enforce security best practices.

Key Responsibilities

• Identify and assess security risks, communicate threats to stakeholders, and implement remediation strategies.
• Design and maintain preventive and remediation controls across AWS and Azure.
• Apply security frameworks, including CIS Benchmarks, AWS Foundational Security Best Practices (FSBP), and Microsoft Cloud Security Benchmark (MCSB).
• Track and report on the effectiveness of AWS/Azure detective controls and third-party security solutions (e.g., Wiz).
• Develop security processes, cloud policies, and standards to ensure proactive threat response.
• Assist teams in integrating security into CI/CD pipelines and workflows.
• Implement security automation to improve security posture.
• Conduct security audits and ensure compliance with industry regulations (e.g., GDPR, HIPAA).
• Maintain and manage cloud security documentation.
• Work with developers, architects, and operations teams to enforce security best practices.
• Lead training sessions and workshops on AWS and Azure security.
• Stay updated on emerging cloud security trends and integrate innovative solutions.
  
  

Required Qualifications

• Strong experience in AWS and/or Azure security services.
• Hands-on expertise with AWS: IAM, Security Hub, GuardDuty, CloudTrail, CloudWatch, Config, Automated Security Remediation and Azure: Entra ID, Cloud Defender.
• Experience securing containers and Kubernetes.
• Strong network security skills (e.g., securing virtual networks, firewalls, governance, subnets).
• Knowledge of IaaS resource patching and container image scanning.
• Familiarity with third-party security tools (e.g., Cloud Custodian, Stacklet).
• Experience managing hybrid cloud environments.
• Proficiency in Python, Terraform, AWS Lambda, Azure Functions.
• Hands-on experience with Infrastructure as Code (IaC) tools (e.g., Terraform).
• Experience implementing policy-as-code solutions using GitHub Copilot, AWS Code Whisperer.
• Knowledge of cloud security compliance frameworks (CIS, AWS/FSBP, Microsoft/MCSB, GDPR, HIPAA).
• Expertise in embedding security within DevOps workflows and CI/CD pipelines.
• Hands-on experience with GitHub, Azure DevOps, PowerShell, Bash, AWS/Azure CLI.
• Familiarity with container security in AWS/Azure.
• Strong analytical mindset to assess complex security challenges.
• Ability to effectively communicate security concepts to technical and non-technical stakeholders.
• Collaborative mindset for working in federated operating models.
• Commitment to continuous learning in security best practices and emerging technologies.
  
  

Preferred Certifications

• AWS Certified Security – Specialty
• AWS Certified DevOps Engineer - Professional
• Microsoft Certified: Azure Security Engineer Associate
• Microsoft Certified: DevOps Engineer Expert
• CISSP, CCSP, or equivalent industry certifications
  
  

Skills: container security,devsecops,bash,python,azure security,code,aws/azure cli,aws,teams,network security,security automation,aws security,hybrid cloud management,policy-as-code,github,security compliance,powershell,azure,microsoft,cloud,remediation,azure devops,cloud security,infrastructure as code (iac),devops,terraform,ci/cd integration,security