What are the responsibilities and job description for the Senior Cloud Security Engineer (Secret Clearance Required) position at Improvix Technologies?
Senior Cloud Security Engineer (Onsite 4x/week in DC)
Overview
We are seeking a Senior Cloud Security Engineer with security engineering experience in Azure or AWS and an understanding of development lifecycle phases as part of the DevSecOps methodology. A successful Senior Cloud Security Engineer has a cyber security background in the cloud, understands cloud architecture, development fundamentals, and has worked as part of an Agile team to deliver solutions across an organization. The Senior Cloud Security Engineer will utilize the DevSecOps methodology to successfully secure platform features and capabilities deployed onto Commercial and GovCloud AWS or Azure environments.
Key Responsibilities
- Cloud Security Architecture & Engineering
- Support design and implementations of secure architecture on AWS or Azure
- Define and enforce security baselines (CIS, NIST 800-53, FedRAMP, etc) and align security controls with compliance frameworks.
- Support architecture reviews, threat modeling, and secure design guidance for cloud services and workloads.
- Automation & DevSecOps
- Build and maintain Infrastructure as Code (Terraform) to enforce security at scale across hundreds of AWS accounts or Azure subscripitons.
- Integrate CI/CD pipelines with automated security scans (SAST, DAST, IaC scanning, container security) and aid driving secure coding practices across the platform.
- Develop and enhance automated guardrails, policies, and remediation pipelines as pertained to Azure or AWS.
- Security Governance and Compliance
- Support ATO compliance efforts by embedding controls into the cloud buildout process and lead assessments.
- Partner with compliance officers, auditors, and platform engineers to ensure evidence and reporting readiness.
- Implement centralized logging, monitoring, and incident response across multi- cloud environments.
- Collaboration & Leadership
- Support team of platform engineers on secure cloud development and automation practices day to day.
- Partner with architects, developers, and compliance teams to align security objectives between projects and platform teams.
- Act as an Azure or AWS subject matter expert for stakeholders, architects, and engineering leads.
Required Qualifications
- Bachelor Degree in computer science or relevant technical degree; or equivalent industry experience.
- 4 years of cybersecurity or cloud engineering experience.
- Hands-on advanced experience securing and automating one or more cloud environments (AWS, Azure, GCP).
- Experience with native cloud security tools (AWS Security Hub, GuardDuty, Defender for Cloud, Azure Policy, etc)
- Familiarity with infrastructure as code (Terraform, CloudFormation, ARM/Bicep) and CI/CD (GitLab, GitHub Actions, etc).
- Technical experience with AWS or Azure, including services such as IAM/RBAC, key management (KMS/Key Vault/Cloud KMS), networking (VPC/VNET), and encryption.
- Experience with application security standards such as OWASP ASVS/Top 10 and CWE 25.
- Familiarity aligning security controls with NIST 800-53, FedRAMP, CIS Benchmarks, or equivalent frameworks.
- Strong communication and leadership skills, with experience in successfully delivering and iterating on projects.
Preferred Qualifications
- Familiarity with supply chain security (SBOM, SLSA, dependency scanning, artifact signing).
- Familiarity with zero trust architectures and enterprise identity platforms (Okta, Entra ID, AWS SSO).
- Certifications such as AWS Certified Security - Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, OSCP, or CISSP.
- Experience with Kubernetes security (OPA/Gatekeeper, PodSecurityStandards, Prisma, Twistlock, etc.).