Senior/Staff Cloud Security Engineer

About the Company:

World is a network of real humans, built on privacy-preserving proof-of-human technology, and powered by a globally inclusive financial network that enables the free flow of digital assets for all. It is built to connect, empower, and be owned by everyone.

Tools for Humanity is a technology company dedicated to building for humans in the age of AI. Our mission is to create secure, scalable, and privacy-preserving infrastructure for World, a rapidly growing global network that provides identity, financial, and community services to millions.

World uses cutting-edge hardware, software, and blockchain technology to enable Proof of Humanity, ensuring trusted and verifiable identities worldwide. With over 10 million verified users and 1,400+ verification orbs globally, we’re scaling fast. Security is at the heart of everything we build—our team ensures the integrity of cloud environments, identity systems, services edge, and blockchain applications while designing state-of-the-art cryptographic solutions.

Now, we’re looking for an experienced Senior or Staff Cloud Security Engineer to help build and scale a security-first cloud infrastructure that will enable us to reach and protect every person in the world.

As a Senior / Staff Cloud Security Engineer, you’ll be responsible for designing, implementing, and securing our AWS-based cloud environments. You’ll work closely with security, engineering, and infrastructure teams to build scalable security solutions that protect sensitive identity and financial data from evolving threats. This role offers a unique opportunity to tackle high-scale, high-stakes security challenges in a rapidly growing decentralized ecosystem.

This is a high-impact role where you will tackle complex and evolving threats in a dynamic environment that spans cloud infrastructure, blockchain security, device security, and web applications.

Cloud Security Architecture & Standards

• Develop and enforce Cloud Organization Security Standards for AWS environments.

• Lead security architecture reviews, ensuring cloud services and applications follow zero-trust and least-privilege principles.

• Enhance identity management security, including role-based access controls (RBAC), conditional access policies, and MFA requirements.

• Design secure image hosting strategies, including golden image enforcement and vulnerability scanning.

Security Vulnerability & Compliance Readiness

• Establish and manage the vulnerability remediation process for cloud misconfigurations, IAM weaknesses, and application security gaps.

• Develop automated workflows for security finding remediation, ensuring alignment with compliance frameworks (SOC 2, ISO 27001, GDPR).

• Drive compliance readiness by implementing audit-friendly security controls and continuous monitoring.

Cloud Access & Identity Security

• Define and maintain a secure cloud access elevation procedure, ensuring temporary privilege escalations follow just-in-time (JIT) principles.

• Optimize IAM governance with strong enforcement of least privilege policies, automated access reviews, and logging for identity-based events.

Secure CI/CD & Infrastructure as Code (IaC)

• Implement and manage CI/CD security controls, including static application security testing (SAST), dependency scanning, and infrastructure-as-code (IaC) security.

• Work closely with DevOps teams to embed security into Terraform, Kubernetes, and AWS CloudFormation deployments.

• Automate cloud security monitoring and policy enforcement through security-as-code methodologies.

• 7+ years of experience in Cloud Security Engineering, Security Architecture, or a related field.

• Expert in AWS security, including IAM, KMS, VPC security, GuardDuty, SCPs, security groups, and WAF.

• Hands-on experience securing cloud-native workloads, containers, and Kubernetes environments.

• Strong understanding of zero-trust architectures, cloud IAM governance, AuthN and AuthZ, and cloud security monitoring.

• Proven ability to automate security processes with Python, Bash, or Terraform.

• Hands-on experience with Version Control platforms (Github, Gitlab, Bitbucket, Azure DevOps, etc.)

• Deep knowledge of CI/CD security best practices, including SAST, DAST, dependency scanning, and secrets management.

• Strong grasp of compliance frameworks (SOC 2, ISO 27001, GDPR, NIS2, PCI, CIS, etc.) and their cloud security requirements.

• Working knowledge of Linux OS instances.

• Experience leading threat modeling, cloud security incident response, or forensic investigations.

• Knowledge of privileged access management (PAM) solutions for cloud environments.

• A portfolio of security research, open-source contributions, or conference presentations.

• High-impact role: Your work directly secures a global identity and financial network serving millions.

• Cutting-edge tech: Work with AWS, blockchain security, zero-knowledge proofs, and cryptographic protocols.

• Strong security culture: Security is central to everything we build—not an afterthought.

• Growth & autonomy: Lead initiatives, mentor others, and shape the future of security at TFH.

If you’re passionate about cloud security, large-scale systems, and protecting human identity, we’d love to hear from you.

Apply now to help secure the future of digital identity.

By submitting your application, you consent to the processing and internal sharing of your CV within the company, in compliance with the GDPR.

Pay transparency statement (for CA and NY based roles):

The reasonably estimated salary for this role at TFH ranges from $272,000-$310,000 plus a competitive long term incentive package. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, TFH offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, vision, 401(k) plan and match, life insurance, flexible time off, commuter benefits, professional development stipend and much more!