Senior/Principal AWS Cloud Security Engineer
Our client is seeking a Principal AWS Cloud Security and Compliance Engineer with extensive hands-on experience in securing cloud environments at scale. This role is ideal for a seasoned security expert who thrives on designing, implementing, and managing cloud security controls, ensuring compliance with industry standards, and mitigating security risks across AWS infrastructure. The ideal candidate will bring a deep understanding of AWS security services, regulatory compliance frameworks, and cloud-native security best practices.
Main tasks and responsibilities:
- Security Architecture & Design: Lead the design and implementation of secure AWS architectures, ensuring compliance with security frameworks and industry best practices
- Governance & Compliance: Develop, enforce, and monitor compliance with SOC 2, ISO 27001, NIST, CIS, FedRAMP, PCI-DSS, HIPAA, and other security standards
- Cloud Security Operations: Implement and manage AWS security services such as AWS IAM, AWS KMS, AWS GuardDuty, AWS Security Hub, AWS Macie, AWS Config, AWS WAF, and AWS Shield
- Threat Detection & Incident Response: Develop SIEM integrations, monitor security logs, investigate incidents, and lead incident response efforts to mitigate threats
- Automation & Infrastructure Security: Implement Infrastructure as Code (IaC) security policies using Terraform, AWS CloudFormation, or AWS CDK. Automate security monitoring and compliance reporting
- Identity & Access Management (IAM): Define and enforce least privilege access controls, manage AWS Organizations and Service Control Policies (SCPs)
- DevSecOps & CI/CD Security: Embed security into the CI/CD pipeline, ensuring secure deployment practices across cloud workloads
- Security Risk Assessments: Perform cloud security risk assessments, threat modeling, and penetration testing to identify and mitigate vulnerabilities
- Security Awareness & Training: Mentor engineering teams on secure coding, cloud security best practices, and AWS security controls
Stakeholder Collaboration: Work with engineering, compliance, and business teams to align security strategies with organizational goals
Education, skills and experience:
Must have:
- 10+ years of hands-on experience in cybersecurity, cloud security, and compliance, with at least 5 years in AWS security
- Expert-level knowledge of AWS security services, architecture, and best practices. Deep understanding of compliance frameworks (e.g., SOC 2, ISO 27001, NIST, FedRAMP, PCI-DSS, HIPAA)
- Experience with AWS IAM, VPC security, AWS WAF, KMS, CloudTrail, Config, Security Hub, Macie, and GuardDuty
- Proficiency in SIEM solutions, security automation, and cloud-native security tools
- Hands-on experience with IaC security (Terraform, CloudFormation), container security (EKS, ECS), and serverless security
- Strong background in DevSecOps, securing CI/CD pipelines, and integrating security into cloud-native development
- Expertise in identity & access management (IAM), RBAC, MFA, and Zero Trust security models
- Experience with incident response, threat detection, and forensic analysis in AWS
- Proficient in scripting and automation (Python, Bash, or PowerShell)
- Strong communication skills with the ability to influence technical and non-technical stakeholders
Would be a plus:
- AWS Certified Security – Specialty or AWS Certified Solutions Architect – Professional certification
- Experience in multi-cloud security (AWS, Azure, GCP)
- Familiarity with security risk management frameworks (e.g., MITRE ATT&CK, OWASP, CIS Benchmarks)
- Knowledge of AI/ML security, API security, and data protection strategies