Cloud Security Engineer

About Us

We are seeking a skilled Cloud Security Engineer to support Identity and Access Management (IAM) operations, cloud key management, secrets management, and security automation across multi-cloud environments, including Azure, AWS, and GCP. This role will also be responsible for implementing cloud security controls, managing network security operations, and administering firewalls on Fortigate platforms. The Cloud Security Engineer will ensure secure identity governance, controlled access, network segmentation, and policy-driven guardrails that align with enterprise security standards.

Responsibilities

Identity & Access Management (IAM)

• Execute IAM operations, including provisioning, access troubleshooting, RBAC/ABAC configurations, and access recertifications.
• Manage and implement AWS Service Control Policies (SCPs) to enforce governance and guardrails.
• Build and manage Azure Policies (definitions, initiatives, assignments) in accordance with compliance regulations.
• Support IAM architecture across Azure AD/Entra ID, AWS IAM, GCP IAM, and the enterprise Identity Center.
• Assist with IAM incident response and Level 2 escalations.

Key Management & Secrets/Vault Operations

• Operate cloud KMS platforms, including Azure Key Vault and AWS KMS, focusing on key rotation, key policies, and certificates/PKI operations.
• Enforce cryptographic standards (RSA, AES, ECC), manage TLS certificate lifecycles, and ensure secure key access patterns.

Cloud Security (Azure / AWS / GCP)

• Implement cloud security baselines, guardrails, and compliance controls in line with CIS, NIST, and ISO27001 standards.
• Support network and security posture configuration utilizing tools such as Wiz and Prisma.
• Configure and troubleshoot cloud-native firewalls, Network Security Groups (NSGs), routing, and segmentation.

Network Security (Fortigate)

• Manage, monitor, and troubleshoot Fortigate firewalls, including security policies, NAT, VPN (IPsec/SSL), and routing.
• Oversee IPS/IDS configurations and threat profiles.
• Ensure high availability operations (Active/Passive).
• Support network segmentation, micro-segmentation, and Zero Trust enforcement.
• Participate in firewall rule reviews, change management, and impact assessments.
• Analyze traffic flows, logs, and events using FortiAnalyzer tools.

Automation & Infrastructure as Code

• Develop Terraform modules for IAM, KMS, vault, firewall policies, and cloud security controls.
• Create Ansible playbooks to automate secret rollout, certificate deployments, firewall configurations, and configuration baselines.
• Support Kubernetes environments, focusing on secret management, RBAC, service accounts, workload identity, and Vault injector integration.

Documentation & Governance

• Maintain Standard Operating Procedures (SOPs), runbooks, architecture diagrams, and compliance documentation.
• Support internal audits, security reviews, and posture reporting.

Required Skills and Experience:

• Hands-on experience with Terraform and Ansible.
• Looking for 5 - 7 Years of experience.
• Strong understanding of identity protocols, including SAML, OAuth2, OIDC, LDAP, and Kerberos.
• Experience with Azure AD/Entra ID, AWS IAM, and GCP IAM.
• Expertise in HashiCorp Vault, Azure Key Vault, and AWS KMS.
• Proficiency in Kubernetes RBAC, secrets management, and workload identity management.
• Solid understanding of PKI, TLS certificates, and cryptographic primitives.
• Strong Linux administration skills (RHEL/CentOS/Rocky Linux).
• Familiarity with firewall technologies, particularly Fortigate (firewall/NAT/VPN/IPS/URL filtering) and cloud security controls across Azure, AWS, and GCP.

Desired/Bonus Skills:

• Certifications in Azure Security Engineer, AWS Security, or GCP Security.
• Network Security certification, such as Fortinet NSE (NSE4+).
• AWS Security Specialty certification.