← All jobs

Cloud Security Engineer

Palm Beach · Remote

Up to $130,000/ year

Any

hackajob is partnering with Leo Technologies to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.

Cloud Security Engineer

Palm Beach

Description

 

Role

We're a SaaS company running on AWS GovCloud (US), maintaining SOC 2 Type 2 attestation and actively
pursuing FedRAMP High authorization. This is the dedicated owner of cloud security within our InfoSec team —
embedded day-to-day with a ~40-person engineering org spanning Product, Platform, Application/SDET, DevOps,
and ML/AI.
You'll be the person who makes our AWS environment both demonstrably compliant and genuinely secure:
translating NIST 800-53 controls into engineering reality, generating the evidence that satisfies a 3PAO, and
partnering with builders so the secure path is the easy path — not a gate they route around.
What you'll own
• AWS GovCloud security posture end to end: IAM and identity federation, account/OU structure, network
segmentation (VPC, security groups, Transit Gateway), encryption and KMS/CMK key management,
CloudTrail/Config logging, and workload protection.
• Technical ownership of cloud-relevant controls for FedRAMP High (NIST 800-53 Rev 5 High baseline, ~400+
controls) and SOC 2 Type 2 Trust Services Criteria — mapping controls to implemented safeguards and
keeping them operating effectively across audit periods.
• Continuous Monitoring (ConMon): vulnerability scanning, monthly POA&M management, deviation
requests, and the evidence pipeline that stands up to 3PAO assessment and annual SOC 2 windows.
• Security automation in CI/CD: IaC scanning, policy-as-code guardrails, and hardened baselines so ~40
engineers ship securely by default.
• Detection & response: tuning GuardDuty, Security Hub, Config rules, Inspector, and SIEM integration;
supporting incident response and forensics in a GovCloud boundary.
• Boundary & landing zone partnership: working with Platform and DevOps on the authorization boundary
definition, secure landing zones, and baseline hardening (CIS/DISA STIG).
• Cross-team advisory: guiding ML/AI teams on securing data pipelines and model infrastructure, and serving
as cloud security SME during audits, agency reviews, and customer security questionnaires.
What we're looking for
• 5–8+ years in cloud security, with hands-on depth in AWS (GovCloud experience a strong plus).
• Direct experience implementing and evidencing security controls against a compliance framework —
FedRAMP (Moderate or High) strongly preferred, or demonstrable NIST 800-53 work.
• Solid grasp of SOC 2 Trust Services Criteria and what Type 2 (operating effectiveness over a period) demands
beyond Type 1.
• Infrastructure-as-code fluency (Terraform and/or CloudFormation) and policy-as-code (OPA/Conftest,
Sentinel, or similar).
• Practical IAM, KMS/encryption, network security, and container/Kubernetes (EKS) security experience.
• Comfort scripting and automating (Python, Go, or similar) rather than living in the console.
• Ability to influence engineers without formal authority — clear communication and a partnership mindset.
Nice to have
• Prior participation in a FedRAMP authorization from readiness through ATO (agency-sponsored or FedRAMP
Board).
• CNAPP/CSPM tooling (Wiz, Prisma Cloud, Orca, etc.).
• GovCloud-specific familiarity: service availability differences, US-persons account vetting, ITAR/EAR data
handling.
• Relevant certifications: AWS Security Specialty, CCSP, CISSP.
• Experience securing ML/AI or data-intensive workloads.
Eligibility
• Due to FedRAMP High requirements and the nature of federal data in scope, this role is open to U.S. citizens
only. (Confirm the specific legal basis — e.g., ITAR or contract clause — with counsel before posting.)
• Must be able to pass a background check.

hackajob is partnering with Leo Technologies to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.

Upskill

Level up the hackajob way. Verify your skills, learn brand new ones and test your ability with Pathways, our learning and development platform.

Find out more

Ready to reach your potential?

Find out more