LB - CLOUD SECURITY ENGINEER - 157

We are seeking a highly skilled and experienced Senior Cloud Security Engineer to join our team.
This role is critical in ensuring the security and integrity of our cloud-native environments, with a primary focus on Amazon Web Services (AWS).
The ideal candidate will design, implement, and manage secure AWS cloud architectures, develop and enforce cloud security standards and policies, and automate security controls using Infrastructure as Code (IaC) tools.
This position requires a proactive self-starter who thrives in a collaborative environment, working closely with DevOps and engineering teams to embed security into every stage of the software development lifecycle.
Responsibilities Develop and maintain secure cloud infrastructure leveraging AWS best practices, ensuring robust protection of data and services.
Create, update, and enforce cloud security standards and policies to maintain compliance and reduce risk.
Use Infrastructure as Code tools such as Terraform and CloudFormation to automate the deployment and management of security controls.
Collaborate with DevOps and engineering teams to embed security checks and controls into continuous integration and continuous deployment workflows.
Utilize Security Information and Event Management (SIEM) systems and AWS-native logging tools like CloudWatch and CloudTrail to detect, analyze, and respond to security incidents.
Identify potential threats and vulnerabilities in cloud environments and recommend mitigation strategies.
Oversee AWS Identity and Access Management (IAM) policies and practices to enforce least privilege and zero trust security principles.
Implement Data Protection Strategies.
Design and enforce encryption, key management, and data loss prevention mechanisms to safeguard sensitive information.
Support Compliance Initiatives.
Assist in achieving and maintaining compliance with industry standards and regulations such as SOC 2, HIPAA, ISO , and FedRAMP.
Continuous Learning and Collaboration.
Stay current with emerging cloud security trends and technologies, and work cross-functionally to promote a culture of security awareness and best practices.
Amazon Web Services (AWS).
Deep expertise in AWS services and architecture, including compute, storage, networking, and security components.
Terraform.
Proficient in using Terraform to define, provision, and manage cloud infrastructure as code, enabling repeatable and auditable deployments.
CloudFormation.
Skilled in AWS CloudFormation for automating the setup and management of AWS resources securely and efficiently.
Python.
Strong scripting skills in Python for automation, security tooling, and integration tasks.
Bash.
Experience with Bash scripting to automate routine tasks and manage cloud environments.
PowerShell.
Knowledge of PowerShell for managing Windows-based cloud resources and automating administrative tasks.
AWS Identity and Access Management (IAM).
Expertise in designing and managing IAM policies, roles, and permissions to enforce secure access controls.
AWS Security Hub.
Experience using AWS Security Hub to aggregate, organize, and prioritize security alerts and compliance status.
AWS GuardDuty.
Proficient in configuring and managing AWS GuardDuty for intelligent threat detection and continuous security monitoring.
AWS Inspector.
Skilled in using AWS Inspector to perform automated security assessments and vulnerability scans.
AWS Config.
Knowledge of AWS Config for continuous monitoring and recording of AWS resource configurations to ensure compliance.
Amazon CloudWatch.
Experience with CloudWatch for monitoring, logging, and alerting on cloud resource performance and security events.
Amazon CloudTrail.
Proficient in using CloudTrail to capture and analyze AWS API activity for auditing and forensic investigations.
Network Security.
Strong understanding of network security principles, including firewalls, VPNs, and secure network architecture within cloud environments.
Virtual Private Cloud (VPC).
Expertise in designing and managing AWS VPCs, including subnets, route tables, NAT gateways, and security groups.
Zero Trust Security.
Familiarity with zero trust security models and their application in cloud environments to minimize trust zones and enforce strict access controls.
Security Information and Event Management (SIEM).
Experience with SIEM tools for aggregating, analyzing, and responding to security events.
Incident Response.
Proven ability to lead and participate in incident response activities, including investigation, containment, and remediation.
Nice-to-Have Skills AWS Certified Security – Specialty.
Certification demonstrating advanced knowledge of AWS security best practices and services.
AWS Certified Solutions Architect.
Certification validating expertise in designing and deploying scalable, highly available AWS systems.
AWS Certified DevOps Engineer.
Certification indicating proficiency in implementing and managing continuous delivery systems and methodologies on AWS.
AWS Organizations.
Experience managing multiple AWS accounts and applying governance at scale using AWS Organizations.
Amazon Elastic Container Service (ECS).
Knowledge of container orchestration and security best practices within ECS environments.
Tenable.
Familiarity with Tenable vulnerability management tools for identifying and mitigating security risks.
Prisma Cloud.
Experience with Prisma Cloud for comprehensive cloud security posture management and threat detection.
Wiz.
Knowledge of Wiz cloud security platform for risk assessment and vulnerability management.
Lacework.
Experience using Lacework for cloud workload security and anomaly detection.
Compliance Frameworks.
Understanding of compliance requirements and frameworks such as SOC 2, HIPAA, ISO , and FedRAMP.
Penetration Testing.
Skills in conducting penetration tests to identify security weaknesses and recommend improvements.
Red Teaming.
Experience simulating adversarial attacks to test and improve security defenses.
Blue Teaming.
Expertise in defending against attacks and improving incident detection and response capabilities.
Threat Intelligence.
Ability to gather, analyze, and apply threat intelligence to enhance security posture and proactive defense.