Senior Cloud Security Engineer

A leading fintech company is seeking a Senior Cloud Security Engineer to play a key part in the firm's large-scale cloud transformation initiative. This senior engineer will be a technical leader responsible for designing, implementing, and automating security as an essential component of their infrastructure and application development processes.

Primary Responsibilities:

• Design and implement scalable security architectures for cloud-native applications and workloads across AWS (primary), Azure, and GCP.
• Write and maintain Infrastructure-as-Code (IaC) templates in Terraform to enforce security policies, automate guardrails, and manage cloud infrastructure securely.
• Develop security automation scripts and integrations using Python.
• Define and manage IAM policies, role-based access controls (RBAC), and service identities, and embrace least privilege access principles across cloud environments.
• Work closely with development and production teams to embed security scanning, policy enforcement, and vulnerability management into CI/CD pipelines.
• Secure Kubernetes clusters (EKS, AKS, GKE) by implementing workload identity, network policies, and runtime security controls.
• Evaluate and implement cloud-native security solutions, such as AWS Security Hub, GuardDuty, Macie, Azure Security Center, and Chronicle Security Operations.
• Monitor cloud environments for threats and misconfigurations, integrating logs and alerts into SIEM and SOAR platforms to enhance detection and response.
• Conduct architecture reviews, red team assessments, and CSPM initiatives to identify risks and recommend remediations.
• Stay ahead of evolving cloud security threats, researching and applying emerging best practices in Zero Trust, confidential computing, and API security.

Essential Qualifications:

• 7+ years of experience in cloud security engineering, with deep expertise in AWS and exposure to Azure and GCP.
• Bachelor's degree in Computer Science or a related technical discipline.
• Strong proficiency in Terraform for cloud security automation and governance.
• Experience with Python for automation, security tooling, and API integrations.
• Knowledge of Zero Trust Architecture (ZTA) and identity-centric security models.
• Hands-on experience securing Kubernetes, containers, and serverless workloads.
• Familiarity with threat modeling, security risk assessments, and incident response in cloud environments.
• Ability to collaborate with engineers, architects, and security teams to balance security and operational needs.

Preferred Qualifications:

• Certifications such as AWS Certified Security - Specialty, CISSP, CKA/CKS, or Azure Security Engineer Associate.
• Experience securing API gateways, cloud-native cryptography (AWS KMS, HashiCorp Vault), and workload isolation strategies.
• Background in financial services or other regulated industries.

This is a hybrid role requiring onsite presence Tuesday through Thursday. Interested candidates must be located in (or willing to relocate to) the Bay Area.