Cloud Security Engineer

Overview

As a Cloud Security Engineer, you will be the primary architect and guardian of our digital infrastructure, blending deep technical engineering with proactive risk management. You will design and deploy secure, scalable environments by integrating security directly into the DevSecOps lifecycle, ensuring that every layer of the stack—from network perimeters and identity management to container runtimes—is resilient by design. By leveraging automation and observability tools, you will maintain a continuous defense-in-depth strategy, overseeing threat detection, incident response, and compliance frameworks. Ultimately, this role bridges the gap between development and operations, spearheading cloud governance and disaster recovery efforts to guarantee long-term operational stability and a hardened security posture.

What You'll Do

• Lead Platform & Infrastructure Development by architecting scalable, resilient systems using Infrastructure as Code (IaC).
• Design and implement Secure Infrastructure across cloud environments, ensuring a "security-by-default" architecture.
• Manage Cloud Resources and DNS Operations, including zone management, records, and global resolution strategies.
• Optimize performance and defense by deploying and managing WAF, CDN, and Network Firewalls (IDS/IPS).
• Drive CI/CD Automation by integrating security gates, SAST/DAST scanning, and automated Secret Rotation into development pipelines.
• Enforce robust Identity and Access Management (IAM) protocols and oversee VPN & Certificate Management.
• Advance Security Operations by implementing and managing SIEM, SOAR, and XDR platforms for rapid threat detection and response.
• Maintain Cloud Security Posture Management (CSPM) and Infrastructure Observability to proactively identify and remediate misconfigurations.
• Secure containerized workloads by establishing strict Docker & Runtime Security standards.
• Own Compliance and Governance, specifically meeting SOC2 Compliance Requirements and maintaining all necessary technical controls.

Who You Are

• Bachelor Degree in Computer Science or related field 
• 15+ years of experience in information technology security
• Experience as a hands on technology leader in a highly technical environment
• Must be willing to work outside normal business hours as needed
• Hands-on, in-depth experience with Azure (required); familiarity with GCP or AWS is a plus.
• Deep expertise in a specific Infrastructure as Code (IaC) tool such as Terraform and Terragrunt.
• Experience with container orchestration security, including Kubernetes, service mesh, and serverless architectures.
• Hands-on experience with Cloudflare (WAF, CDN, DNS, Zero Trust) — required; experience with other CDN/edge security platforms is a plus.
• Expert understanding of application, network, operating system, and core infrastructure security concepts and concerns
• Working knowledge of common information technology management frameworks and regulations such as ISO 27001/2, NIST, SOC2, GDPR, DORA, etc. - Nice to Have
• CISSP, CISA or SANS GIAC certification - preferred
• Experience with at least one object-oriented programming language; Python preferred.
• Experience with at least one query language such as Kusto Query Language (K