Cloud Security Automation Engineer- Remote (Anywhere in the U.S.)

Job Summary:

We are seeking an experienced Cloud Security Automation Engineer to join our consulting team. In this client-facing role, you will work with various organizations to secure their cloud-native workloads, including the entire lifecycle of Kubernetes environments. You will leverage your expertise in Policy as Code, Infrastructure as Code (IaC), secrets management, and CI/CD platforms to help clients build secure, scalable, and automated cloud infrastructures.

Key Responsibilities:

• Client Engagement: Collaborate with clients to understand their cloud security needs, assess current environments, and provide expert guidance on securing cloud-native and multi-cloud workloads.
• Kubernetes Security Consulting: Design, implement, and provide guidance on securing Kubernetes clusters for clients, including best practices in cluster hardening, network policies, RBAC, and runtime security.
• Policy as Code: Advise clients on developing and enforcing security policies using tools like OPA (Open Policy Agent), HashiCorp Sentinel, or other Policy as Code solutions to maintain compliance across their cloud environments.
• Infrastructure as Code (IaC) Consulting: Work with clients to secure their IaC deployments using tools such as Terraform, CloudFormation, or Bicep templates, ensuring security best practices are followed.
• Secrets Management: Assist clients in implementing and automating secrets management solutions using tools like HashiCorp Vault, AWS Secrets Manager, or Kubernetes Secrets.
• CI/CD Pipeline Security: Collaborate with clients' DevOps teams to integrate security controls into their CI/CD processes, leveraging tools like Jenkins, GitHub Actions, GitLab CI, and other automation platforms.
• Cloud-Native Workloads: Guide clients in securing various cloud-native services, including serverless functions, containers, and managed cloud services using best-in-class security tools and practices.
• Monitoring & Remediation: Help clients implement monitoring and logging solutions for cloud security events and automate threat detection and response using SIEM tools and cloud-native services.
• Training & Best Practices: Educate clients' teams on cloud security best practices, secure automation techniques, and security-as-code methodologies.
• Automation: Develop scripts, tools, and playbooks to assist clients in automating repetitive security tasks, ensuring consistent enforcement of security controls across cloud environments.

Qualifications:

• Proven experience in consulting or a similar role, with a focus on securing cloud-native environments, particularly Kubernetes.
• Proficiency in Policy as Code tools (e.g., Open Policy Agent, Kyverno, HashiCorp Sentinel) and experience guiding clients in their implementation.
• Expertise in Infrastructure as Code (IaC) tools like Terraform, CDKTF, AWS CloudFormation, AWS CDK, Bicep, or Azure Resource Manager (ARM).
• Strong knowledge of secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager, Akeyless, Azure KeyVault) and the ability to guide clients through the implementation process.
• Experience with CI/CD & GitOps platforms and integrating security into DevOps & GitOps processes (e.g., Jenkins, GitHub Actions, GitLab CI, ArgoCD, Harness, ADO).
• Solid understanding of cloud platforms (AWS, Azure, GCP, or OCI) and their native security services.
• Excellent client-facing communication and presentation skills, with the ability to work collaboratively in diverse environments.
• Experience with scripting and automation (e.g., Python, Bash, PowerShell) to support client engagements.
• Preferred: Certifications such as
• Kubernetes & Cloud Native Association Certifications:
• Certified Kubernetes Security Specialist (CKS)
• Certified Kubernetes Administrator. (CKA)
• Certified Kubernetes Application Developer (CKAD)
• Kubernetes and Cloud Native Associate (KCNA)
• Kubernetes and Cloud Native Security Associate (KCSA)
• CSP Certifications:
• AWS Certified Security - Specialty
• AWS DevOps Engineer - Professional
• AWS Solutions Architect -- Professional and/or Associate
• AWS SysOps Administrator - Associate
• AWS Developer - Associate
• Azure Security Engineer Associate - AZ-500
• Azure Developer Associate - AZ-204
• Azure DevOps Engineer - AZ-400
• Google Cloud Engineer
• Google Cloud Architect
• Google Cloud Developer
• Google Cloud Security Engineer
• Google Cloud DevOps Engineer
• HashiCorp Certifications
• Terraform Associate
• Terraform Authoring and Operations Professional
• Vault Associate
• Vault Operations Professional
• Consul Associate
• Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK)

Preferred Skills:

• Experience with container security tools (e.g., Aqua Security, CNAPPs (Prisma Cloud, Wiz, Crowdstrike), Falco).
• Familiarity with cloud security frameworks (e.g., CIS, NIST, ISO) and the ability to guide clients in adopting them.
• Knowledge of DevSecOps practices and experience in integrating security into the software development lifecycle.