Role overview

Cloud Security Engineer (AWS)

Requirements and responsibilities

Readable role content extracted into sections for faster review.

What You Will Do:

  • We are seeking an experienced AWS Security engineer to design, implement and maintain security controls across AWS cloud environments.
  • This role will focus on safeguarding cloud workloads, ensuring compliance with industry standards, and driving leading/best practices in identity management, monitoring, and threat detection.
  • The ideal candidate is hands-on with AWS security services, has deep knowledge of cloud security frameworks, and can partner with engineering and operations teams to embed security into the system.
  • Design and implement secure architecture within AWS using services such as IAM, KMS, CloudTrail, Config, and third-party tools/services
  • Implement and manage centralized logging, monitoring, audit monitoring, incident triage and alerting solutions. Conduct threat modeling, vulnerability scanning, and penetration testing.
  • Compare the system environment with applicable security requirements (CIS Benchmarks, NIST, HIPAA, FedRAMP, SOC 2 etc.) as applicable and chart a path towards compliance.
  • Support incident detection, investigation and response within AWS workloads. Maintain and monitor audit trails across accounts and services. Work with compliance and risk teams to align security with regulatory requirements.
  • Maintain security control documentation
  • Support Disaster Recovery/Continuity of Operations (DR/COOP) tests
  • Support audits and other compliance related requests

What You Will Need:

  • US Citizenship is required.
  • Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.
  • Bachelor’s degree from an accredited university.
  • Minimum of TWO (2)+ years of relevant work experience.
  • Experience in cloud security or cybersecurity roles focused on AWS security.
  • Expertise in AWS core services (EC2, S3, RDS, Lambda, ECS/EKS, CloudFront, Route 53, IAM, etc.)
  • Knowledge of CI/CD pipelines, GitHub Actions audit, CodeBuild job review, artifact migration, secrets verification, deployment dry runs, rollback prep, cutover support.
  • Knowledge of tax-processing, tax compliance, case management, and taxpayer data are highly preferred.
  • Experience in organizing, directing, and managing multiple, complex, and interrelated application development and testing tasks.
  • Experienced in the following: Monitoring AWS/Databricks telemetry by leveraging AWS tools (GuardDuty) or third party monitoring tools selected by clientManaging access, including granting and removing, supporting integration with an IGA solution, identifying stale accountsRotating keys/certificates by leveraging KMS (AWS tool)Enforce encryption for data in transit/at restGenerating or supporting the generation of information for access entitlementTrack and remediate vulnerabilities/ Plan of Action and Milestones (POA&Ms)
  • Monitoring AWS/Databricks telemetry by leveraging AWS tools (GuardDuty) or third party monitoring tools selected by client
  • Managing access, including granting and removing, supporting integration with an IGA solution, identifying stale accounts
  • Rotating keys/certificates by leveraging KMS (AWS tool)
  • Enforce encryption for data in transit/at rest
  • Generating or supporting the generation of information for access entitlement
  • Track and remediate vulnerabilities/ Plan of Action and Milestones (POA&Ms)
  • The individuals should be responsible for technical quality and coordination with government technical leads throughout information technology (IT) and shall be available during normal hours of operation.
  • Proven ability to work autonomously and collaborate, mentor, help, and support other team members, as needed to solve complex operational and reliability problems.
  • Strong development background in Python, Bash or similar

Details

  • Monitoring AWS/Databricks telemetry by leveraging AWS tools (GuardDuty) or third party monitoring tools selected by client
  • Managing access, including granting and removing, supporting integration with an IGA solution, identifying stale accounts
  • Rotating keys/certificates by leveraging KMS (AWS tool)
  • Enforce encryption for data in transit/at rest
  • Generating or supporting the generation of information for access entitlement
  • Track and remediate vulnerabilities/ Plan of Action and Milestones (POA&Ms)

What Would Be Nice To Have:

  • AWS Certified Security – Specialty (Highly desirable).
  • Advanced Cloud and/or advanced Databricks certifications in good standing, at the time of contract award and throughout the period of performance is highly preferred.
  • AWS Certified Solutions Architect or DevOps Engineer certifications.
  • CISSP, CISM or GIAC certifications.

Benefits include:

  • Medical, Rx, Dental & Vision Insurance
  • Personal and Family Sick Time & Company Paid Holidays
  • Parental Leave
  • 401(k) Retirement Plan
  • Group Term Life and Travel Assistance
  • Voluntary Life and AD&D Insurance
  • Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
  • Transit and Parking Commuter Benefits
  • Short-Term & Long-Term Disability
  • Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
  • Employee Referral Program
  • Corporate Sponsored Events & Community Outreach
  • Care.com annual membership
  • Employee Assistance Program
  • Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
  • Position may be eligible for a discretionary variable incentive bonus
Similar roles

Keep a backup shortlist.

Browse stack
FocusCloud Security EngineeringRole area
Seniority signalSeniorCandidate level
StackAWS, CI/CD, PythonPrimary skills
Location1 accepted countryEligibility

Stack

Use these tags to compare similar remote roles.

Location eligibility

Candidates should apply only when their profile country is listed here.

Your profileCountry not setSign in to check your country against this role.

Hiring flow

WithMira shows the role, then sends candidates to the company application.

1Check role fit, stack, and location eligibility in WithMira.
2Open the company application page from the tracked apply link.
3Save the role or subscribe for similar opportunities before leaving.
Apply on company siteCompany siteOpen link