Cloud Security Engineer (AWS) Job Description: 

About the Role 
 

The Information Security team is responsible for partnering in the advancement of DevSecOps throughout the organization as well as the execution of a “cloud-first” Information Security, Business Continuity and Risk Management programs to support our business goals. This includes, but is not limited to security operations, vulnerability and patch management, incident response, disaster recovery, business continuity, risk identification and mitigation planning / implementation, identity management, network security, privacy, and compliance.  
 

The position of Cloud Security Engineer will report directly to the Information Security Architect and is responsible for setting policies and deploying code to implement those policies within cloud environment, predominately AWS.  The role will serve as a key partner within Development, Infrastructure, and Automation teams and is expected to take the lead in the deployment of security guardrails, policies, and tooling in cloud environments.  The Cloud Security Engineer will also be designing, deploying, and overseeing the management of group wide security solutions and executing against the company’s Information Security and Compliance roadmap. This position has significant organizational impact, requiring enterprise perspective, knowledge and change management skills. 
 

Responsibilities: 

• Design and implementation of a defined security architecture and best practices within AWS environments 

• Collaboration with Infrastructure, DevOps, and Automation teams to integrate security into CI/CD pipelines 

• Deployments to AWS environments to implement security guardrails, policies, and tooling 

• AWS best practice assessments 

• Integration of AWS into Security Operations and ongoing enhancements via automation 

• Maintenance of the existing cloud security application tool set. 

• Translate compliance and security requirements into project / process deliverables. 

• Keep current on industry trends and the direction our competitors are heading with respect to business capabilities and technology. 

• Perform research, formal evaluation and prototyping of leading/emerging technologies without oversite. 

• Perform threat hunt remediation in cloud environments 

Requirements and Qualifications: 

• Bachelor’s degree in Computer Science, Information Security, or a related field. 

• 5+ years of experience in cloud security, specifically with AWS. 

• Strong understanding of AWS services, including IAM, VPC, CloudTrail, CloudFormation, and Lambda. 

• Proficient in cloud security best practices and frameworks (CIS, NIST, etc.). 

• Experience with security tools and technologies (e.g., AWS Security Hub, WAF, GuardDuty). 

• Familiarity with Terraform and scripting languages (Python, Bash) for automation of security tasks. 

• Relevant certifications (e.g., AWS Certified Security – Specialty, CISSP, CISM) are highly desirable 

• Experience in applying security to cloud technologies (managing secrets, Securing CI/CD pipelines, Infrastructure as Code, Container Security) 

• Experience in implementing enterprise-wide cloud security posture management (e.g. Wiz) / vulnerability management solutions (e.g. Tenable), including container-based vulnerability management. 

• Possession of or ability to obtain professional certifications in information security or risk management, such as a CISSP, CISM, or Microsoft / Azure Security Certifications  

• Strong knowledge of security, regulatory, and control frameworks, such as ISO270001, HIPAA, GDPR, NIST, and CIS. 

• Self-starter who demonstrates strong ownership of their domain  

• Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences. 

• High level of personal integrity, and the ability to professionally handle confidential matters. 

• Natural passion for security and strong drive to see both projects and investigations to completion.