Responsibilities

• Design and implement secure cloud architectures aligned with best practices.
• Contribute to centralized cloud security capabilities across systems under the CISO's remit.
• Lead threat modelling exercises and define risk mitigation strategies.
• Review vulnerability management and penetration testing findings, and translate them into actionable remediation plans.
• Configure and manage AWS security services (e.g., IAM, KMS, certificate management).
• Define and implement logging and security telemetry collection for AWS workloads, integrating with security analytics and observability platforms.
• Act as an embedded security engineer within product teams.
• Design and recommend security controls that balance protection, usability, and delivery speed.
• Embed security-by-design principles into architectures, CI/CD pipelines, and engineering practices.
• Improve security posture of existing systems by identifying control gaps, prioritizing remediation, and implementing sustainable fixes.
• Perform scoped penetration testing to validate key controls and identify weaknesses.
• Define and implement automated security checks (e.g., IaC scanning, cloud posture management, CI/CD policy enforcement).
• Translate security requirements into controls as code (e.g., Terraform modules, policy-as-code, guardrails).
• Continuously enhance controls and automation based on emerging threats, incidents, and evolving requirements.
• Collaborate with product, engineering, and platform teams to design secure solutions and resolve trade-offs.
• Communicate complex security concepts clearly to both technical and non-technical stakeholders.
• Provide regular updates to the CISO on risks, residual issues, and progress on security improvements.

Provide clear, actionable guidance on cloud and infrastructure design, including:

• Account and landing zone architecture
• Network segmentation (VPC)
• Identity and access management (IAM)
• Data protection, logging, monitoring, and workload security

Requirements

• 5–7 years of experience in cloud platform or cloud security engineering, with hands-on involvement in design, implementation, and troubleshooting.
• Strong expertise in cloud security, including networking, IAM, KMS/BYOK, logging/telemetry, containers/serverless, and CI/CD security.
• Proficiency in Infrastructure as Code (IaC) and automation tools for implementing and managing security controls.
• Experience with automated control validation (e.g., cloud posture management, IaC scanning, CI/CD-integrated checks).
• Familiarity with implementing controls as code in collaboration with engineering teams.
• Strong problem-solving skills with a pragmatic, outcome-driven mindset.
• Ability to work closely with engineering teams while operating as an independent contributor.
• Strong communication skills to engage both technical and non-technical stakeholders.
• Cloud Solutions Architect and/or Cloud Security certifications are preferred.