Cloud Security Engineer- SOC 2/ISO 27001/GDPR/IAM, VPC Design/AWS
New York, New York
Hybrid
Full Time
$200k - $250k
Cloud Security Engineer
As a Cloud Security Engineer, you’ll play a pivotal role in shaping the company’s security posture as it scales into the enterprise financial sector. Working alongside the infrastructure team, you’ll architect and implement robust cloud security systems that safeguard our AI platform and the sensitive financial data it processes—empowering our engineers to innovate quickly while maintaining the highest standards of security and compliance.
The company is located in New York, NY and will be 4 days onsite a week.
What You Will Be Doing:
This position doesn’t provide sponsorship.
As a Cloud Security Engineer, you’ll play a pivotal role in shaping the company’s security posture as it scales into the enterprise financial sector. Working alongside the infrastructure team, you’ll architect and implement robust cloud security systems that safeguard our AI platform and the sensitive financial data it processes—empowering our engineers to innovate quickly while maintaining the highest standards of security and compliance.
The company is located in New York, NY and will be 4 days onsite a week.
What You Will Be Doing:
- Design and implement cloud security architecture that enables secure-by-default patterns across all engineering initiatives.
- Develop and maintain AWS security controls, including IAM policies, network segmentation, encryption, and centralized logging.
- Build infrastructure-as-code (CDK, SST, Pulumi) with embedded security guardrails to streamline secure development.
- Implement robust secrets management, encryption, and authentication frameworks to safeguard sensitive financial data.
- Lead compliance programs across CCPA, GDPR, and ISO 27001, complementing the existing SOC 2 Type II certification.
- Automate evidence collection and continuous compliance using infrastructure-as-code and monitoring pipelines.
- Conduct cloud security audits and remediate gaps against CIS Benchmarks and internal policy standards.
- Collaborate with sales and customer success teams to meet enterprise security requirements and complete due diligence questionnaires.
- Participate in the security on-call rotation and lead incident response activities.
- Partner with engineering teams to embed security into SDLC workflows and CI/CD pipelines.
- Implement software supply chain protections, including artifact signing, secret scanning, and dependency validation.
- Design and enforce security controls for AI/ML infrastructure and data pipelines handling financial information.
- Apply Zero Trust principles across cloud and internal systems.
- Mentor engineers on secure software design and architectural best practices.
- 5+ years in cloud or infrastructure security engineering.
- Deep hands-on experience with AWS security, including IAM, VPC architecture, encryption, and security services.
- Strong expertise with infrastructure-as-code (AWS CDK preferred).
- Proficiency in scripting and automation (Python, Go, Bash, or similar).
- Understanding of attacker TTPs and modern cloud threat landscapes.
- Experience with compliance frameworks such as SOC 2, ISO 27001, and GDPR.
This position doesn’t provide sponsorship.