Tech Stack

Description

You will design, build, and operate preventative and detective security controls across AWS and enterprise environments. Partnering with infrastructure and development teams, you'll embed security by default through automation, IaC, and policy-as-code, ensuring robust protections for cloud and on-premises systems.

Requirements

• 7+ years in security engineering with production AWS (multi-account/Organizations) and automation-first delivery.
• Domain experience in at least three of: network, endpoint, email, data, vulnerability, container, or identity security.
• IaC proficiency (Terraform preferred) and Python for automation; CI/CD integration experience (GitHub Actions, GitLab, CodePipeline).
• Experience with root-cause analysis and remediation of control failures.
• Ability to independently drive complex projects and collaborate effectively with stakeholders.

Responsibilities

• Design, implement, and maintain controls in AWS (IAM, KMS, VPC, GuardDuty, Security Hub, etc.), network, endpoint, email, data security, vulnerability, and identity domains.
• Define SLOs for control availability, latency, coverage, and drift; implement telemetry to measure those SLOs.
• Build IaC modules (Terraform/CloudFormation) and platform automations (Python/Lambda, Step Functions) to enforce guardrails.
• Engineer data pathways (CloudTrail, VPC Flow, ECS audit, identity logs) into SIEM/MDR tooling.
• Own vulnerability scanners, asset coverage, and risk-based remediation pipelines.