Cloud Security Engineer

🧙‍♂️ About the Role

The work happens directly inside client cloud environments: identifying security and compliance gaps, then remediating them through code — Terraform, OpenTofu, Bicep, YAML. Not manual configurations. Not PowerPoint recommendations. Real implementation work in production systems.

This role is part of a client delivery team supporting fast-growing US companies across multiple concurrent engagements in a consulting-driven environment. It combines cloud engineering, security, compliance, and advisory work.

The goal is not only to close gaps, but to help clients build security programs that survive real operational scale — not just audit

 

🧙‍♂️ In This Role You Will

• Harden cloud environments across AWS, Azure, GCP, and Oracle Cloud — IAM, network segmentation, secrets management, logging, monitoring, and CSPM.
• Remediate compliance and security gaps through Infrastructure as Code using Terraform, OpenTofu, Bicep, and YAML-based configurations.
• Use automated scanning and compliance tooling to assess posture across cloud environments, code repositories, HRIS, and ERP systems.
• Support clients through security and compliance initiatives including ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 42001, SOC 2, and NIST 800-171.
• Automate security and operational workflows using Python, Bash, CI/CD pipelines, and vendor APIs.
• Participate directly in client calls, remediation planning sessions, technical workshops, and security roadmap discussions with engineering and security stakeholders.
• Build reusable IaC modules, automation scripts, and internal accelerators that improve delivery efficiency across future engagements.
• Collaborate with client engineering and security teams to deliver scalable, production-ready security solutions.
  
   

🎯 You May Be Interested If

• You enjoy solving real-world cloud infrastructure and security problems across different environments and industries.
• You prefer practical engineering and implementation work over checkbox security.
• You're comfortable managing multiple projects and adapting quickly to different client stacks and operational contexts.
• You take ownership of your work and can independently manage technical delivery workstreams.
• You're comfortable communicating directly with engineering leaders and explaining technical decisions clearly.
• You want to grow beyond pure execution into a more strategic, advisory-oriented security role.
• You come from a strong cloud engineering or DevSecOps background and want to move deeper into security and compliance engineering.
  
   

🍰 Must-Have

• Strong Infrastructure as Code experience — Terraform, OpenTofu, Bicep, or YAML in real production environments.
• Hands-on experience with at least one major cloud platform (AWS, Azure, or GCP); multi-cloud exposure is a strong plus.
• Understanding of security and compliance frameworks such as ISO 27001, SOC 2, or NIST, including how technical controls are implemented in practice.
• Experience with Python and/or Bash scripting for automation and operational workflows.
• Experience with CI/CD pipelines, GitHub Actions, infrastructure automation, and cloud-native tooling.
• Ability to communicate directly with client-side engineering and security stakeholders.
• Strong ownership mindset and ability to independently manage delivery workstreams.
• English proficiency at B2 level or higher.
• Availability for collaboration with US-based clients and scheduled calls starting from 16:00 Kyiv time.
  
   

🍒 Nice to Have

• Experience with Oracle Cloud Infrastructure (OCI).
• Experience with CSPM and automated compliance tooling such as Wiz, Lacework, Vanta, Drata, or similar platforms.
• Exposure to AppSec, vulnerability management, detection engineering, SIEM, or incident response workflows.
• Previous consulting, MSP, or client delivery experience.
• Relevant certifications such as AWS Security Specialty, CISSP, CCSP, or Security+.
  
   

💻 Working Conditions

• Employment Type: Full-Time
• Fully remote position with distributed teams across Ukraine and the US.
• Flexible remote setup with required overlap for US-based client communication and delivery coordination.
• 20 working days of paid vacation per year.
• Results-oriented environment with high autonomy and ownership expectations.
• Access to continuous learning opportunities, certifications, and professional development support.