Posted in

Cloud Security Engineer

Cloud Security Engineer

CompanyVirtru
LocationWashington, DC, USA
Salary$150000 – $200000
TypeFull-Time
Degrees
Experience LevelMid Level, Senior

Requirements

  • Demonstrated experience implementing security controls in GCP and/or AWS environments
  • Deep understanding of cloud security architecture and best practices, including container and Kubernetes networking security
  • Proficiency in security automation using Terraform and/or Ansible, and languages like Go, Python, or Node.js
  • Strong knowledge of common compliance frameworks and how to implement technical controls to meet requirements
  • Experience with infrastructure scanning tools and security monitoring solutions (ie CNAP, SIEM, CSPM, CWPP)
  • Strong incident response skills, security troubleshooting experience and comfortable being On Call
  • Clear and effective communication skills, with the ability to articulate security concepts to both technical and non-technical audiences
  • A passion for continuously improving security posture and staying current with emerging threats
  • Comfortable participating in annual assessments, security control reviews, and audits

Responsibilities

  • Lead security compliance initiatives and automation of control validation across our cloud environments using Infrastructure as Code (Terraform, Ansible)
  • Build security automation for CI/CD pipelines, including vulnerability scanning and compliance validation
  • Conduct regular security reviews and risk assessments of cloud infrastructure and applications
  • Collaborate with development and operations teams to implement security controls without impeding velocity
  • Develop and maintain security monitoring solutions and respond to security events
  • Create and maintain security documentation, training, and guidelines for engineering teams

Preferred Qualifications

  • Security certifications (CISSP, CCSP, AWS/GCP security certifications)
  • Experience implementing security controls for SOC 2, PCI, HIPAA, or FedRAMP compliance
  • Knowledge of threat modeling and secure architecture design
  • Experience with security tools like Prismacloud, Wiz, Sysdig, or Aqua Security
  • Familiarity with service mesh security (Istio)
  • Background in DevSecOps practices and tooling
  • Experience with security event monitoring and SIEM solutions
  • Public cloud marketplace security validation experience
  • Multicloud security controls implementation