Senior Cloud Security Engineer

Glocomms' partner, a leading FinTech company, is seeking a Senior Cloud Security Engineer to play a key role in the firm's large-scale cloud transformation initiative. This senior engineer will be a technical leader responsible for designing, implementing, and automating security as an essential component of their infrastructure and application development processes.

Primary Responsibilities:

1. Design and implement scalable security architectures for cloud-native applications and workloads across AWS (primary), Azure, and GCP.
2. Write and maintain Infrastructure-as-Code (IaC) templates in Terraform to enforce security policies, automate guardrails, and manage cloud infrastructure securely.
3. Develop security automation scripts and integrations using Python.
4. Define and manage IAM policies, role-based access controls (RBAC), and service identities, following least privilege principles across cloud environments.
5. Collaborate with development and production teams to embed security scanning, policy enforcement, and vulnerability management into CI/CD pipelines.
6. Secure Kubernetes clusters (EKS, AKS, GKE) by implementing workload identity, network policies, and runtime security controls.
7. Evaluate and implement cloud-native security solutions, such as AWS Security Hub, GuardDuty, Macie, Azure Security Center, and Chronicle Security Operations.
8. Monitor cloud environments for threats and misconfigurations, integrating logs and alerts into SIEM and SOAR platforms to enhance detection and response.
9. Conduct architecture reviews, red team assessments, and CSPM initiatives to identify risks and recommend remediations.
10. Stay ahead of evolving cloud security threats by researching and applying emerging best practices in Zero Trust, confidential computing, and API security.

Essential Qualifications:

1. 7+ years of experience in cloud security engineering, with deep expertise in AWS and exposure to Azure and GCP.
2. Bachelor's degree in Computer Science or a related technical discipline.
3. Strong proficiency in Terraform for cloud security automation and governance.
4. Experience with Python for automation, security tooling, and API integrations.
5. Knowledge of Zero Trust Architecture (ZTA) and identity-centric security models.
6. Hands-on experience securing Kubernetes, containers, and serverless workloads.
7. Familiarity with threat modeling, security risk assessments, and incident response in cloud environments.
8. Ability to collaborate with engineers, architects, and security teams to balance security and operational needs.

Preferred Qualifications:

1. Certifications such as AWS Certified Security - Specialty, CISSP, CKA/CKS, or Azure Security Engineer Associate.
2. Experience securing API gateways, cloud-native cryptography (AWS KMS, HashiCorp Vault), and workload isolation strategies.
3. Background in financial services or other regulated industries.

This is a hybrid role requiring onsite presence Tuesday through Thursday. Interested candidates must be located in (or willing to relocate to) the Bay Area.