Cloud Security Engineer

Cloud Security Engineer

Sunnyvale CA

Contract / CTH 6 Months

About the role

We are seeking a highly focused Cloud Security Engineer whose role will be fundamentally driven by our environment architecture and deployment methodology. Working alongside our Corporate Security & Infrastructure team you will play a crucial role in securing our infrastructure across diverse multi-cloud environments (AWS Azure GCP OCI) with a heavy emphasis on Kubernetes cluster hardening. You will establish robust guardrails enforce Identity and Access Management policies and maintain our Cloud Security Posture Management (CSPM) to prevent insecure deployments and ensure continuous compliance.

Responsibilities:

• Cloud Infrastructure Security: Securely deploy and maintain infrastructure across diverse multi-cloud environments (AWS Azure GCP OCI) establishing cloud-specific robust guardrails to prevent insecure deployments and configurations.
• Kubernetes Cluster Hardening: Implement and enforce security best practices and policies specifically tailored for Cloud native Kubernetes clusters including granular Role-Based Access Control (RBAC) network policies and admission controllers.
• Identity & Access Management (IAM): Develop implement and enforce robust security policies and procedures specifically related to user authentication and authorization across all systems. Manage user identities (traditional active directory email platforms cloud solutions) and rigorously enforce the principle of least privilege on Cloud cloud service and container levels.
• Container Security: Ensure the security of container images registries and runtime environments through the effective use of tools like Docker Podman and various container scanning solutions.
• Infrastructure-as-Code (IaC) Security: Manage infrastructure and security policies through version-controlled Git repositories using tools such as Terraform CloudFormation or AWS CDK to ensure consistent auditable and secure deployments.
• Cloud Security Posture Management (CSPM): Maintain CSPM tools such as Wiz to continuously detect and remediate misconfigurations and compliance drifts across the cloud footprint.
• Compliance Automation: Automate compliance checks and generate necessary evidence for audits across the multi-cloud environment streamlining regulatory adherence.
• Runtime Security: Monitor and protect running applications and containers from threats during their operational lifecycle.

Were looking for someone who has:

• 5 years of industry experience in software engineering or security engineering with a focus on designing and building secure production-grade cloud systems.
• Extensive demonstrable experience with Kubernetes from a security perspective (e.g. securing containerized workloads enforcing RBAC and cloud-native secret management).
• Implemented AI to rapidly identify validate and remediate security issues without impact.
• Deep operational security experience with AWS (mandatory) with highly preferred practical experience deploying and securing infrastructure across Azure GCP or OCI.
• Proficiency in Infrastructure-as-Code (IaC) tools such as Terraform CloudFormation or AWS CDK to deploy and manage environments.
• Hands-on expertise in configuring monitoring and driving remediation through Cloud Security Posture Management (CSPM) platforms like Wiz.
• A strong background in designing and enforcing complex Identity & Access Management (IAM) and least-privilege architectures across both multi-cloud and traditional on-premises directory environments.
• Experience working with container security image scanning and runtime protection tools.

Nice to have:

• Advanced industry certifications related to cloud and container security (e.g. AWS Certified Security - Specialty Certified Kubernetes Security Specialist (CKS) Certified Kubernetes Administrator (CKA)).
• Strong proficiency in programming or scripting languages commonly used for security automation and backend development (e.g. Go/Golang Python or C).
• Prior experience automating compliance frameworks and generating audit evidence across a multi-cloud footprint.
• Experience securing and operating in air-gapped or highly constrained on-premises computing environments.

Required Skills:

securityArtificial IntelligenceawsKubernetes