Senior Cloud Security Engineer
Posted on:
August 1, 2025
Job description
The Role
As a Senior Cloud Security Engineer who will lead and scale our cloud security strategy as we build critical systems for healthcare. You’ll be at the heart of our infrastructure and product security — embedding security into every layer of our cloud-native stack and helping us stay resilient, compliant, and one step ahead of threats.
Responsibilities
What you’ll do:
- Design and implement security controls across our cloud infrastructure (AWS/GCP/Azure), networks, containers, and CI/CD pipelines.
- Drive adoption of security best practices across engineering teams — with a strong focus on automation, secure defaults, and developer enablement.
- Own and evolve threat detection and prevention strategies, leveraging tools like GuardDuty, AWS Config, CloudTrail, and other cloud-native services.
- Implement and manage application and supply chain security tooling (e.g., GitHub Advanced Security, Snyk, Trivy, Semgrep).
- Define and enforce IAM policies, secrets management, and service-to-service authentication standards.
Lead security incident response and postmortems — build systems to reduce MTTR and improve detection fidelity. - Collaborate with engineering, compliance, and legal to align infrastructure with frameworks like ISO 27001, SOC 2, and HIPAA.
- Contribute to security awareness and training initiatives across the organization.
- Participate in threat modeling, architecture reviews, and risk assessments.
- Support generation of automated audit evidence for compliance needs.
- Stay ahead of cloud security trends, zero-day threats, and new attack vectors — and continuously strengthen our defenses.
Job requirements
What we will look for:
- 6–8+ years in security engineering, with at least 3+ years focused on cloud-native security (preferably AWS or Azure).
- Proven experience securing modern infrastructure: containers (Docker), orchestration (Kubernetes), and IaC (Terraform, CDK, etc.).
- Deep understanding of identity and access management, network segmentation, and cloud security architectures.
- Hands-on experience with tools like:
- Secrets Management: HashiCorp Vault, AWS Secrets Manager
- Security Scanning: Snyk, Trivy, GitHub Advanced Security, Checkov
- Monitoring & Detection: CloudTrail, GuardDuty, Falco, Datadog Security
- Strong programming/scripting skills in Python, Go, or Bash.
- Solid knowledge of secure software development lifecycle (SSDLC) and DevSecOps principles.
- Familiarity with compliance frameworks (SOC 2, ISO 27001, HIPAA, or PCI-DSS).
- Experience leading security reviews, audits, or risk assessments.
Bonus
- Experience in regulated industries (healthtech, fintech, government).
- Background in offensive security or red/purple teaming.
- Knowledge of SBOM generation and software supply chain defense.
Apply now
When you apply, please mention you found the job on Aussie Intelligence. This encourages more tech companies to hire through our platform, creating more opportunities for you. Good luck with your application!
Apply now
