Job title: Sr Cloud Security Engineer

Our client: Our client, a leader in the financial services field, is seeking a Sr Cloud Security Engineer to join the team. This position will work with experienced professionals to help drive solutions to provide a best in industry standard for quality, innovation, and efficiency.

Principal tasks and responsibilities include :

• Design and implement AWS security architectures that align with industry best practices and compliance requirements.
• Assess cloud security risks and enforce security policies across AWS environments.
• Manage and optimize AWS Identity and Access Management (IAM), AWS Organizations, and AWS Control Tower to enforce least privilege access controls.
• Implement and manage AWS security services , including AWS Security Hub, GuardDuty, Macie, Inspector, and WAF .
• Deploy and configure AWS-native encryption solutions , including AWS KMS, CloudHSM, and Secrets Manager for secure key and secret management.
• Integrate and manage AWS logging and monitoring tools, including CloudTrail, CloudWatch, Config, and SIEM integrations for threat detection.
• Ensure network security through secure configurations of AWS VPCs, Security Groups, Network ACLs, AWS Shield, and AWS PrivateLink .
• Work closely with DevOps teams to integrate security controls into CI/CD pipelines using AWS-native and third-party security tools.
• Automate security processes using Terraform, AWS CloudFormation, and Python/Bash scripting to enforce security best practices at scale.
• Implement container and Kubernetes security best practices using AWS EKS, ECS, Fargate, and container scanning solutions .
• Conduct security audits, vulnerability assessments, and penetration testing of cloud infrastructure.
• Ensure compliance with CIS AWS Benchmarks, NIST, ISO 27001, SOC2, PCI-DSS, HIPAA , and other regulatory frameworks.

Qualifications and pre-requisites :

• 10+ years of overall experience, with 4 years of experience in AWS security framework
• Hands-on experience securing AWS environments, including IAM, VPC, EC2, S3, RDS, Lambda, EKS, ECS, Fargate, CloudFront, and Route 53 .
• Experience with AWS security services , including AWS Security Hub, GuardDuty, Macie, Inspector, WAF, Shield, CloudTrail, and CloudWatch .
• Strong understanding of network security concepts , including firewalls, VPNs, network segmentation, and DDoS mitigation in AWS.
• Knowledge of encryption, key management, and certificate management using AWS KMS, CloudHSM, and ACM.
• Experience implementing AWS-native security controls and automation using Terraform, CloudFormation, and scripting languages (Python, Bash, or PowerShell) .
• Familiarity with container security best practices in AWS environments using EKS, ECS, and container scanning tools.
• Knowledge of Zero Trust security models, identity federation, and role-based access controls (RBAC) in AWS .
• Experience conducting cloud security audits, vulnerability assessments, and penetration testing .
• AWS Security Specialty Certification or other relevant AWS certifications (AWS Solutions Architect, AWS DevOps Engineer).
• Experience with multi-cloud security (Azure, Google Cloud) in addition to AWS.
• Hands-on experience with Infrastructure as Code (IaC) security tools , such as Checkov, tfsec, or Cloud Custodian .
• Experience with serverless security (AWS Lambda security best practices).
• Knowledge of SIEM solutions and security orchestration and automation (SOAR) .
• Familiarity with SOC operations, incident response, and forensic analysis in cloud environments .
• Experience with cloud-native WAF solutions (AWS WAF, Cloudflare, Akamai).
• Strong understanding of compliance frameworks such as CIS AWS Benchmarks, NIST, ISO 27001, SOC2, PCI-DSS, and HIPAA .