Posted Mar 12
Security Engineer, Cloud Security
at Saronic
Austin, United States
On-site
Requirements
You will be the technical authority on how we architect, govern, and defend our AWS environments across commercial and GovCloud.

KEY RESPONSIBILITIES
- Own the security architecture for Saronic's AWS environments, including multi-account strategy, network segmentation, identity architecture, and data protection across commercial AWS and AWS GovCloud
- Design and maintain secure-by-default Terraform modules and IaC standards that teams adopt as the standard path, enforcing least privilege, secure defaults, and compliance requirements
- Implement preventive controls (SCPs, permission boundaries, policy-as-code) and detective controls (Config rules, CloudTrail analysis, GuardDuty) as a unified, layered security model
- Design and enforce IAM patterns across AWS accounts, services, and workloads including least-privilege policies, permission boundaries, cross-account access, federation, and service-to-service authentication
- Implement and govern secrets management using tools such as AWS Secrets Manager or Vault, integrated
- experience in cloud security engineering, infrastructure security, DevSecOps, or a closely related security engineering role
- Expert-level proficiency with Terraform, including module design, state management, policy-as-code, and managing complex multi-environment configurations
- Deep expertise in AWS security services and architecture, including IAM, Organizations, SCPs, Control Tower, CloudTrail, Config, GuardDuty, Security Hub, KMS, and VPC security
- Demonstrated experience with CI/CD pipeline security, IaC review processes, and automated compliance validation
- Experience operating in AWS GovCloud or FedRAMP-regulated cloud environments
- Strong proficiency in Python, Go, Rust, or equivalent languages for building security automation and tooling
- Ability to obtain and maintain a security clearance

PREFERRED QUALIFICATIONS:
- Experience in defense, aerospace, robotics, autonomy, or other high-assurance environments
- Experience designing multi-account AWS landing zones and organizational security architectures from the ground up
- Hands-on experience with Kubernetes security, container security, and service mesh security in cloud-native environments
- Familiarity with NIST SP 800-171, NIST SP 800-53, FedRAMP, or Cloud Computing SRG Impact Levels
- Experience with infrastructure drift detection, automated remediation, and continuous compliance monitoring
- Relevant certifications such as AWS Security Specialty, AWS Solutions Architect Professional, HashiCorp Terraform Associate/Engineer, CCSP, or CISSP