Cloud Security Engineer – AWS Vulnerability & Misconfiguration Management

can build a successful career with opportunities to learn, grow, and make an impact. Join us!

We are seeking a skilled and motivated Cloud Security Engineer to join our cybersecurity team. This role focuses on proactively identifying, analyzing, and mitigating vulnerabilities and misconfigurations across cloud-native environments (IaaS, PaaS, SaaS). The ideal candidate will have a deep knowledge of cloud security principles, hands-on experience with vulnerability assessment tools, and the ability to drive remediation through collaboration with engineering, operations, and governance teams.

This role requires 3 years of experience.

Job Responsibilities:
• Identify vulnerabilities and misconfigurations across the AWS platform, resources, and workloads.
• Maintain cloud security posture management (CSPM) and vulnerability management tools such as Inspector, Wiz, Qualys, CrowdStrike.
• Develop automated detection and monitoring for insecure configurations, excessive permissions, and non-compliant deployments.
• Partner with engineering, DevOps, and application teams to provide remediation guidance and drive secure by design solutions.
• Triage and report vulnerabilities with risk ratings to ensure timely remediation.
• Research and stay ahead of emerging cloud threats, vulnerabilities, and industry best practices.
• Contribute to cloud security standards, baselines, and playbooks to improve enterprise-wide security posture.
• Support governance, risk, and compliance requirements by ensuring alignments with regulatory and internal policy standards.
• Drive Cloud Security solutions in alignment with the Bank's cloud strategy and in accordance with security best practices.
• Develops strong partnerships by demonstrating operational expertise as a subject matter expert.

Required Qualifications:
• Experience with AWS native services, tools, and architecture.
• Understanding of cloud security principles and practice
• Working knowledge of cloud threat landscape
• Technical experience in infrastructure and/or security functions
• Understanding of DevSecOps and CI/CD pipeline integration through security engineering lifecycles.
• Understanding of Threat modeling and frameworks
• Understanding of vulnerability management and scanning tools
• Experience in project management
• Well-developed analytic, qualitative, and quantitative reasoning skills with a demonstrated creative problem-solving ability.
• Ability to work independently with little oversight on complex initiatives.
• Extremely motivated, hungry to learn
• Ability to communicate complex concepts to all levels of understanding and technical ability.

Desired Qualifications
• CISSP/CCSP/CISM
• Cloud specific Security certifications such as SANS/GIAC
• Vendor specific and relevant certifications - AZ-500, SC-200, AZ-204, CKA, CKS, RHCE, etc.
• Bachelors degree in a technical field

Shift:
1st shift (United States of America)

Hours Per Week:
40

Learn more about this role