Security Engineer

We are seeking a Cloud Security Engineer to join our client's growing security team. In this role, you will serve as a core technical contributor responsible for identifying, prioritizing, and tracking remediation of cloud misconfigurations across multi-cloud client environments - spanning AWS, Azure, and GCP.

This is a long-term contract rote and is remote. Qualified candidates must be located in the US.

Key Responsibilities

Multi-Cloud Misconfiguration Management Operate the AutoCloud platform and complementary tooling to continuously identify and prioritize cloud misconfigurations across client AWS, Azure, and GCP environments.

CIS Benchmark & Compliance Validation Assess client environments against CIS benchmarks and PCI DSS control requirements, tracking findings through to remediation closure.

Attack Path Analysis Prioritize findings by exploitability and attack path risk, translating technical findings into business-relevant language for client stakeholders.

Remediation Guidance & Tracking Provide clear, actionable remediation guidance to client IT and security teams; track progress via the remediation dashboard.

SIEM Integration Support Coordinate with the team to ensure cloud provider logs (AWS CloudTrail, Azure Monitor, GCP Cloud Logging) are properly connected, normalized, and feeding into Google Chronicle.

Identity Security Reviews Support entitlement reviews, unused and service account analysis, and identity risk assessments across client identity stores.

Reporting Contribute to monthly vulnerability reports (PDF and Excel) covering compliance overviews, CSPM finding summaries, cloud posture trends, and historical aging tables.

Client Engagement Participate in standing meeting cadences and monthly/quarterly business reviews with client IT and security stakeholders to present findings and remediation progress.

Tooling & Platform Management Assist in assessing and transitioning client-side tooling during implementation, including evaluation of existing licenses and determining which tools are replaced, retained, or supplemented.

Change Management Adherence Execute all cloud-side remediation and configuration changes in accordance with client change management processes; all changes require client approval prior to execution.

Required Qualifications

• 3 years of experience in cloud security, cloud engineering, or a related discipline with hands-on exposure to at least two of: AWS, Azure, GCP
• Demonstrated experience with CSPM tooling (e.g., Prisma Cloud, Wiz, Orca Security, AWS Security Hub, or equivalent)
• Solid understanding of CIS Benchmarks and common cloud misconfigurations
• Experience with IAM concepts, entitlement reviews, and least-privilege enforcement in cloud environments
• Familiarity with PCI DSS control requirements as they relate to cloud infrastructure
• Ability to communicate technical risk clearly to both technical and non-technical audiences
• Experience contributing to written security reports and client-facing deliverables
• Strong organizational skills with the ability to manage concurrent client engagements and remediation tracks

Preferred Qualifications

• Experience with AutoCloud or comparable multi-cloud CSPM solutions
• Familiarity with Google Chronicle or other enterprise SIEM platforms
• Experience onboarding cloud provider logs into a SIEM
• Exposure to SCA tools such as Snyk, Trivy, or TruffleHog
• Background in DevSecOps — scripting, automation, or policy-as-code
• Experience in a managed security services provider (MSSP) environment
• Relevant certifications: AWS Security Specialty, Microsoft SC-300/AZ-500, GCP Professional Cloud Security Engineer, CCSP, or equivalent

Day-to-Day

• Run continuous misconfiguration scans across multi-cloud client environments
• Triage and prioritize findings by exploitability and business impact
• Coordinate with client IT teams to assign, track, and close remediation items
• Feed cloud posture data into ongoing client reporting cadences
• Support SIEM integration of cloud logs into Google Chronicle