Cloud Security Engineer/DevSecOps Engineer

Cloud Security Engineer/DevSecOps Engineer

This position can be based remotely within the US; EST Preferred

We are looking for a Cloud Security Engineer / DevSecOps Engineer to help strengthen and mature security across our AWS and Azure environments, software delivery workflows, vulnerability management processes, compliance operations, and security monitoring platforms.

This is a mid-level individual contributor role for someone who can work independently on defined security initiatives, partner directly with engineering and IT teams, and contribute to cloud security architecture decisions. The ideal candidate is hands-on, practical, and comfortable translating security and compliance requirements into actionable technical improvements.

This role will work across cloud security, DevSecOps, vulnerability management, detection support, and audit readiness using platforms such as AWS, Microsoft Azure, Vanta, Compyl, Rapid7, Wazuh, and InsightIDR.

Responsibilities

• Review, improve, and help design secure architectures across AWS and Microsoft Azure environments.
• Implement and maintain cloud security controls related to IAM, network segmentation, encryption, logging, key management, backups, secure configuration, and access control.
• Identify and remediate cloud misconfigurations, excessive permissions, insecure storage, public exposure, weak logging, and missing security controls.
• Partner with engineering and infrastructure teams to integrate security checks and DevSecOps practices into CI/CD workflows.
• Operate and improve vulnerability management processes, including scanning, validation, prioritization, remediation tracking, reporting, and exception review.
• Use security monitoring and telemetry platforms to support alert triage, endpoint visibility, log review, investigation, and detection improvement.
• Support compliance monitoring, evidence collection, control mapping, and audit readiness activities using Vanta and Compyl.
• Map technical controls to compliance requirements, internal policies, customer security expectations, and audit evidence needs.
• Participate in threat modeling and security reviews for new applications, infrastructure changes, cloud deployments, and third-party integrations.
• Support incident response activities, including alert investigation, log analysis, evidence gathering, containment recommendations, and post-incident improvements.
• Improve identity and access management practices, including least privilege, MFA, conditional access, service principals, role reviews, privileged access controls, and access certification support.
• Create and maintain security documentation, cloud security standards, control narratives, runbooks, remediation procedures, and architecture diagrams.
• Support implementation and maintenance of security benchmarks and frameworks such as CIS, NIST, SOC 2, ISO 27001, HIPAA, FedRAMP Moderate, and HITRUST.
• Translate security and compliance requirements into practical technical tasks for engineering, IT, and infrastructure teams.

Requirements

• 3–5 years of experience in cybersecurity, cloud security, DevOps, infrastructure, systems administration, security operations, compliance operations, or a related technical role.
• Hands-on experience with AWS and/or Microsoft Azure, with the ability to work across both platforms.
• Working knowledge of cloud security concepts, including IAM, network controls, encryption, logging, monitoring, workload security, and shared responsibility models.
• Experience with common AWS security services such as IAM, CloudTrail, CloudWatch, GuardDuty, Security Hub, KMS, Config, S3 security, or VPC controls.
• Experience with common Azure security services such as Microsoft Entra ID, Azure Policy, Defender for Cloud, Key Vault, Network Security Groups, Log Analytics, Sentinel, or related services.
• Experience with vulnerability management tools such as Rapid7 InsightVM, Nexpose, InsightCloudSec, InsightIDR, or similar platforms.
• Experience with SIEM, endpoint monitoring, log analysis, or security telemetry tools such as Wazuh, Rapid7 InsightIDR, Microsoft Sentinel, or similar platforms.
• Familiarity with compliance automation, GRC, or audit readiness platforms such as Vanta, Compyl, or similar tools.
• Ability to interpret vulnerability, cloud posture, endpoint, and compliance findings and prioritize remediation based on risk.
• Working knowledge of secure configuration, patch management, asset inventory, evidence collection, vulnerability remediation, and exception management workflows.
• Basic to intermediate scripting or automation experience using Python, PowerShell, Bash, Terraform, or similar tools.
• Strong communication and documentation skills, including the ability to explain technical risks, write clear procedures, and recommend practical remediation options.
• Adhere to all organizational information security policies and protect all sensitive information including but not limited to ePHI and PHI in accordance with organizational policy and Federal, State, and local regulations

Even Better

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Business, Accounting, Risk Management, or equivalent practical experience.
• Experience supporting compliance and security frameworks such as SOC 2, ISO 27001, HIPAA, NIST, CIS, FedRAMP Moderate, and HITRUST, or similar standards.
• Experience with infrastructure as code tools such as Terraform, CloudFormation, ARM/Bicep, or Azure DevOps.
• Experience with CI/CD platforms such as GitHub Actions, GitLab CI, Jenkins, Azure DevOps, or similar.
• Experience with container or workload security for Docker, Kubernetes, ECS, EKS, AKS, or Azure Container Apps.
• Working knowledge of application security concepts, including OWASP Top 10, secrets management, dependency scanning, secure SDLC, and threat modeling.
• Experience with cloud security posture management, vulnerability dashboards, alert tuning, security reporting, and control monitoring.
• Familiarity with Microsoft 365 security, Microsoft Entra Conditional Access, Defender, Intune, or endpoint management.
• Experience creating or improving security architecture diagrams, control narratives, remediation guides, operational procedures, and audit evidence.
• Relevant certifications such as Security+, AWS Certified Security Specialty, AWS Solutions Architect Associate, Azure Security Engineer Associate, Azure Administrator Associate, SC-200, or equivalent practical experience.