Cloud CyberSecurity Engineer - Hybrid (Houston or Dallas TX)
About the role
AECOM is seeking a Cloud Security Engineer to join the Cybersecurity Engineering team, responsible for driving and enforcing security outcomes across a global multi-cloud environment spanning AWS, Microsoft Azure, and Microsoft m365. This role focuses on defining control requirements, identifying risk, and ensuring remediation of cloud security issues in partnership with Infrastructure and Application teams, who perform hands-on implementation.
Responsibilities
- Cloud Security Governance & Control
- Oversight Perform Cloud Security Posture management (CSPM)
- Utilize Palo Alto Prisma Cloud and Qualys TotalCloud to identify misconfigurations, vulnerabilities, and deviations from baseline
- Define and initiate remediation requirements for Infrastructure and Application teams
- Track and drive remediation efforts to closure
- Partner with Security Architecture to translate cloud security standards into actionable control requirements
- Ensure adherence to approved cloud security baselines and standards
- Support exception management and risk acceptance processes with Cybersecurity Architecture and Cybersecurity GRC
- Develop and deliver reporting on cloud security posture and risk to Cybersecurity and IT leadership
- Cloud Visibility & Risk Management
- Own visibility into cloud security posture across AWS and Azure
- Define risk metrics, prioritization models, and reporting standards
- Improve asset visibility and configuration awareness across cloud environments
- Partnership & Enablement
- Partner with Infrastructure and Application teams to ensure secure implementation of controls
- Provide guidance on secure cloud practices aligned with enterprise standards (NIST, CIS)
- Collaborate with stakeholders to prioritize and address security risks
- Continuous Improvement
- Drive continuous improvement of cloud security processes, tooling, and reporting
- Stay current with evolving cloud threats and technologies
Qualifications
- Bachelor’s degree (BA/BS) and at least 6 years of information technology / cybersecurity experience with cloud security focus or demonstrated equivalency of experience and/or education
- Experience with AWS and Microsoft Azure environments
- Experience with CSPM/CNAPP tools (Prisma Cloud, Qualys TotalCloud, CrowdStrike Cloud Security, or similar)
- Strong understanding of cloud security concepts, IAM, and network security
- Experience managing and driving remediation of security issues
Preferred Qualifications
- Strong communication and stakeholder management skills
- Experience with Proofpoint Email Protection or similar platforms
- Experience with SIEM/logging integrations
- Familiarity with Infrastructure-as-Code concepts
- Understanding of NIST, CIS, ISO 27001
- Cloud security certifications (AWS, Azure) highly preferred
Additional Information
Relocation assistance is not available for this position. Sponsorship for US work authorization is not available for this position, now or in the future. At AECOM, we are committed to maintaining a secure and trustworthy recruitment process and take any fraudulent hiring activity seriously. To support this commitment, all newly hired employees are required to attend an in-person Day 1 onboarding at an AECOM office location as a condition of employment. Offered rate of compensation will be based on individual education, qualifications, experience, and work location. The range for this position is $130000 to $175000 per year.