Cloud Security Engineer

North Billerica, MA

100% Remote

Full Time

$80k - $131k

We are seeking an experienced Cloud Security Engineer to join our security team within our technology organization. The focus will be on our AWS infrastructure and our security processes and procedures (vulnerability scanning, intrusion prevention, disaster recovery). The successful candidate will maximize our investment in cloud security, select technologies, and be an advocate for security with our engineering teams in support of our mission.
The impact you will have:
  • Work closely with product and platform teams to engineer and implement cloud security controls with a focus on DevSecOps
  • Support the regulatory compliance initiatives, processes, and documentation for ISO 27001, SOC2, etc.
  • Develop scripts and automation to scale and accelerate the implementation and audit of security configurations, risks, and assessments
  • Set technical standards for cloud infrastructure, containers, security baselines, policies and procedures
  • Respond to security events in our cloud environments
Who we're looking for:
  • Experience with AWS EC2, Lambda, IAM, VPC, Security Groups, WAF, Security Hub, etc.
  • Infrastructure and system monitoring (Threat Stack, Splunk, Datadog, Guard Duty, etc.)
  • Deployment and infrastructure-as-code tools (Terraform, Puppet, Ansible)
  • Working proficiency with ticketing systems such as JIRA
  • Scripting Languages (Python, Java, Perl)
  • Containers and Kubernetes
  • Security incident response
  • Experience with the development, deployment and automation of security solutions in large enterprise environments to connect to cloud solutions such as AWS and Azure while maintaining secure operations
Minimum qualifications:
  • 3+ years of hands-on AWS security experience in consumer website environment and/or academic environment
Preferred qualifications:
  • AWS, (ISC)², or other cloud security certification
  • Experience with the Azure cloud
  • Experience with either application security or corporate infrastructure security
  • Experience with audits and GRC activities, such as SOC 2 and ISO27001

Posted by: Ally Forchic