Lead Engineer, Cloud Security

The Cloud Security Senior Engineer is responsible for designing, implementing, and maintaining security controls across AWS and Azure cloud environments. The ideal candidate brings deep hands-on experience securing multi-cloud environments in fast-paced, transformation-driven organizations with the ability to work directly with highly technical teammates.Architect and enforce cloud security controls across AWS and Azure, including IAM policies, network segmentation, encryption, and logging configurations.

• Manage and optimize cloud security posture management (CSPM) and cloud workload protection (CWPP) tooling
• Conduct cloud security assessments, identify misconfigurations, and drive remediation with engineering teams.
• Design and implement guardrails for Infrastructure-as-Code (IaC) pipelines (Terraform, CloudFormation, Bicep) to prevent insecure deployments
• Monitor and respond to cloud-specific threats, integrating cloud telemetry into SIEM and detection workflows
• Evaluate and harden container and serverless architectures (EKS, ECS, Lambda, AKS, Azure Functions).
• Develop and maintain cloud security standards, reference architectures, and runbooks.
• Support incident response activities for cloud-based security events.
• Partner with Engineering, and Application Development teams to embed security into CI/CD pipelines.
• Provide technical input on cloud security tooling decisions, vendor evaluations, and proof-of-concept testing
• Stay current on cloud provider security features, emerging threats, and evolving compliance requirements (SOC 2, ISO 27001, NIST CSF, PCI DSS as applicable).
• Comply with health and safety guidelines and rules; managers should also ensure compliance across their teams.
• Protect Chamberlain Group’s reputation by keeping information confidential.
• Maintain professional and technical knowledge by attending educational workshops, reading professional publications, establishing personal networks, and participating in professional societies.
• Contribute to the team effort by accomplishing related results and participating on projects as needed.
• Motivate and lead a high performance team by attracting, developing, engaging and retaining team members
• Drive the performance management and compensation processes by communicating job expectations, monitoring and evaluating performance, providing feedback and facilitating employee development per the company’s policies
• Maintain transparent communication by appropriately communicating organization information to team through department meetings, one-on-one meetings, appropriate email, IM and regular interpersonal communications
• Lead and motivate individuals and teams to create a workplace culture that is consist

Minimum Qualifications

Education/Certifications

:Bachelor's degree in Computer Science, Information Security, Information Technology, or a related field

.Experience

• :7 years of progressive experience in information security, with at least 4 years focused on cloud security engineering

.Knowledge, Skills, and Abilities

• :Deep hands-on experience with both AWS and Microsoft Azure security services, including: AWS: IAM, GuardDuty, Security Hub, CloudTrail, Config, KMS, VPC security, WAF, Organizations/SCPs. Azure: Entra ID, Defender for Cloud, Azure Policy, Key Vault, NSGs, Azure Monitor, Sentinel
• .Strong experience with cloud security posture management (CSPM) platforms (e.g., Wiz, Orca, Rapid7 InsightCloudSec, CrowdStrike Falcon Cloud Security, or equivalent)
• .Working knowledge of Infrastructure-as-Code (Terraform, CloudFormation, or ARM/Bicep templates) and securing IaC pipelines
• .Experience with container security (Docker, Kubernetes) and serverless security patterns. Capable of persuading non-security leaders (e.g., IT Ops, Engineering, Product) by linking security initiatives to operational continuity, consumer trust, and compliance posture
• .Solid understanding of network security principles applied to cloud environments (VPCs, transit gateways, private endpoints, zero trust network architecture)
• .Familiarity with CI/CD security integration and DevSecOps practices
• .Ability to communicate complex technical concepts to both engineering peers and non-technical stakeholders
• .Collaborative approach to working across engineering, IT, and product teams

.Other

• :Required to be in the office at least three days a week. Monday and Wednesday are mandatory
• .Ability to manage and monitor major incidents during non-business hour

sPreferred Qualification

sEducation/Certifications

• :AWS Security Specialty, Azure Security Engineer Associate (AZ-500), CCSP, CISSP, or equivalen

tExperience:

• Experience with cloud detection and response (CDR) tooling and cloud-native threat detectio