Senior Cloud Security Engineer

About The Position

Requirements

• 7+ years in security engineering and/or cloud engineering, with significant hands-on cloud security ownership.
• Ability to quickly learn new skills, tools, technologies, and scripting/programming languages as needed.
• Strong understanding of Infrastructure-as-Code (IaC) and proven ability to build reusable templates/modules.
• Ability to communicate complex topics clearly to executive-level leaders.
• Developing and managing cloud resources in Amazon Web Services (AWS) and Azure.
• Implementing, configuring, and managing cloud security guidance and guardrails at scale.
• Designing, implementing, configuring, and managing cloud security platforms/tools such as Wiz, Defender for Cloud, AWS Security Hub, or equivalent—including improving detections, performing remediation, and tuning policies.
• Investigating and remediating cloud security incidents and configuration issues in AWS and Azure, to include identity, network exposure, data protection, and workload protection.
• Configuring and operationalizing CNAPP/CSPM tooling (e.g., Wiz) to enforce least-privilege, detect misconfigurations, and drive remediation workflows across cloud environments.

Nice To Haves

• Bachelor’s degree in a technical field (e.g., Computer Science, Information Technology, Cybersecurity, or related field).
• At least one Associate-level or Expert-level technical certification for Microsoft Azure.
• At least one technical certification for Amazon Web Services (Solutions Architect Professional preferred).
• Experience supporting cloud security for DevSecOps.
• Hands-on experience administering and operating Wiz Cloud, including connector deployment, policy configuration, CSPM remediation workflows, and integration with SIEM/ticketing platforms.
• Proficiency in Wiz query language (WQL) to build custom threat detection rules, executive dashboards, and compliance reports.
• Experience integrating Wiz with CI/CD pipelines for shift-left security scanning of IaC and container images.
• Experience with Microsoft Sentinel or other SIEM platforms, including writing KQL detection rules and building automated playbooks.
• Familiarity with cloud-native security services: AWS GuardDuty, AWS Security Hub, Amazon Inspector, Microsoft Defender for Cloud, and Azure Policy.
• Experience with endpoint and workload protection tools (e.g., CrowdStrike Falcon, Microsoft Defender for Endpoint).
• Proficiency in scripting/automation languages (Python, PowerShell, Bash) for security tooling and workflow automation.

Responsibilities

• Directly implement and manage technical security of Steampunk’s internal cloud environments, primarily in AWS and Azure.
• Continuously evaluate, develop, and improve Steampunk’s cloud security/governance and technical guardrails, leveraging CNAPP platforms such as Wiz to maintain continuous visibility across cloud workloads, identities, and data.
• Serve as senior escalation point for complex cloud security challenges spanning data platforms, AI systems, governance, performance, and integration.
• Monitor cloud security systems and networks for anomalies using tools such as Wiz, Microsoft Sentinel, and native cloud-provider security services; take appropriate actions to identify, respond to, and prevent security incidents.
• Design and implement cloud security improvements—including CSPM policies, runtime threat detection rules, and vulnerability remediation workflows in Wiz—with emphasis on protecting Steampunk’s reputation and sensitive information.
• Participate in our agile Scrum team as part of scrum events, and in creating and completing user stories focused on improving cybersecurity.
• Present regular status updates and provide cross training to other team members.