
Senior/Staff Cloud Security Engineer
About this job
Job category
IT
Job type
Full time
Salary range
$ 272k - $ 310k
Location
San Francisco, United States
Company size
Mature [ 50+ employees ]
Job Description
Design, implement, and secure AWS-based cloud environments; work with security, engineering, and infrastructure teams to build scalable security solutions protecting sensitive data.
Responsibilities
- Develop and enforce Cloud Organization Security Standards for AWS environments.
- Lead security architecture reviews, ensuring cloud services and applications follow zero-trust and least-privilege principles.
- Enhance identity management security, including role-based access controls (RBAC), conditional access policies, and MFA requirements.
- Design secure image hosting strategies, including golden image enforcement and vulnerability scanning.
- Establish and manage the vulnerability remediation process for cloud misconfigurations, IAM weaknesses, and application security gaps.
- Develop automated workflows for security finding remediation, ensuring alignment with compliance frameworks (SOC 2, ISO 27001, GDPR).
- Drive compliance readiness by implementing audit-friendly security controls and continuous monitoring.
- Define and maintain a secure cloud access elevation procedure, ensuring temporary privilege escalations follow just-in-time (JIT) principles.
- Optimize IAM governance with strong enforcement of least privilege policies, automated access reviews, and logging for identity-based events.
- Implement and manage CI/CD security controls, including static application security testing (SAST), dependency scanning, and infrastructure-as-code (IaC) security.
- Work closely with DevOps teams to embed security into Terraform, Kubernetes, and AWS CloudFormation deployments.
- Automate cloud security monitoring and policy enforcement through security-as-code methodologies.
Requirements
- 7+ years of experience in Cloud Security Engineering, Security Architecture, or a related field.
- Expert in AWS security, including IAM, KMS, VPC security, GuardDuty, SCPs, security groups, and WAF.
- Hands-on experience securing cloud-native workloads, containers, and Kubernetes environments.
- Strong understanding of zero-trust architectures, cloud IAM governance, AuthN and AuthZ, and cloud security monitoring.
- Proven ability to automate security processes with Python, Bash, or Terraform.
- Hands-on experience with version control platforms (GitHub, GitLab, Bitbucket, Azure DevOps, etc.).
- Deep knowledge of CI/CD security best practices, including SAST, DAST, dependency scanning, and secrets management.
- Strong grasp of compliance frameworks (SOC 2, ISO 27001, GDPR, NIS2, PCI, CIS, etc.) and their cloud security requirements.
- Working knowledge of Linux OS instances.
Benefits
- High-impact role: Your work directly secures a global identity and financial network serving millions.
- Cutting-edge tech: Work with AWS, blockchain security, zero-knowledge proofs, and cryptographic protocols.
- Strong security culture: Security is central to everything we build—not an afterthought.
- Growth & autonomy: Lead initiatives, mentor others, and shape the future of security at TFH.