AWS Cloud Security & Compliance Engineer (SecOps – Enterprise Governance)

Tittle - AWS Cloud Security & Compliance Engineer (SecOps – Enterprise Governance)

Boton , MA

Full time

Job Overview

We are a fast-growing Payment Service Provider operating a mission-critical platform on AWS Cloud. With millions of transactions processed daily, we prioritize security, compliance, and operational resilience. As we scale globally, we are strengthening our cloud security posture to meet ISO 27001 and SOC 1/2 standards.

Role

We are looking for an experienced AWS Cloud Security & Compliance Engineer to own the security and governance of our AWS infrastructure. This is a hands-on role involving:

• Cloud architecture
• IAM governance
• Security automation
• Compliance operations & documentation
  
  

The role focuses heavily on least-privilege access, data protection, auditability, and ensuring continuous compliance.

Responsibilities

AWS Security & Access Management

• Design and enforce IAM policies, roles, and SCPs using least-privilege principles.
• Implement AWS Organizations, Control Tower, GuardDuty, Security Hub, Config, and CloudTrail for centralized governance.
• Manage MFA, SSO (AWS IAM Identity Center), and just-in-time access workflows.
• Conduct regular privileged access reviews and automate user/role lifecycle management.
  
  

Compliance & Data Governance

• Lead ISO 27001 and SOC 1/2 control implementation (e.g., A.9, A.12, SC-13, PI-7).
• Own risk assessments, control evidence collection, and audit preparations.
• Maintain data classification, encryption (KMS, SSE), and data residency policies.
• Ensure PCI DSS alignment for payment data flows.
  
  

Security Automation & Monitoring

• Build Infrastructure-as-Code security using Terraform or similar tools.
• Automate compliance checks via AWS Config Rules, Security Hub, and Lambda scripts.
• Respond to and triage findings from GuardDuty, Inspector, Macie, and third-party scanners.
  
  

Documentation & Reporting

• Maintain System Security Plan (SSP), Risk Register, and control matrices.
• Prepare audit-ready evidence (logs, configs, access reports).
• Train engineering teams on secure AWS best practices.
  
  

Required Qualifications

• 10 years in cloud infrastructure; 5 years in cloud security; 3 years specifically on AWS.
• Hands-on expertise with:
• AWS IAM, Organizations, SCPs, KMS, CloudTrail, Config, Security Hub
• Terraform / CloudFormation for secure infrastructure
• Strong understanding of encryption at rest/transit, network security (VPC, NACLs, WAF), and secrets management.
• Experience with external audits (SOC 2 Type II, ISO 27001).
• AWS Security Specialty or Solutions Architect Professional certification required.
  
  

Skills: cloud security,compliance,enterprise governance,infrastructure