Cloud Security Controls Engineer
Deloitte · Dallas, TX · 3 days ago
HybridInformation Technology$100k–$125k/yrFull-time
Work You'll Do/Responsibilities
- Support the client as a Cloud Security Engineering Pod to support their Cloud Security efforts as an extension of their own team.
- Automate preventative and detective cloud security controls across AWS, GCP, and Azure using cloud-native services and Open Policy Agent (OPA).
- Design, develop, test, and deploy cloud security controls through the DevOps lifecycle to support secure, scalable, and repeatable delivery.
- Collaborate with security, platform, and engineering teams to embed security controls into cloud environments and development workflows.
- Build and maintain automation, testing, and validation capabilities to improve the effectiveness and reliability of cloud security controls.
- Support continuous improvement of cloud control coverage through policy-as-code, detection engineering, and security engineering best practices.
- Develop and maintain detection logic and rules to strengthen monitoring and response capabilities across cloud environments.
- Partner with cross-functional teams to troubleshoot control failures, improve implementation quality, and support secure cloud operations.
Qualifications
- 3-5 years of experience in DevSecOps engineering with a focus on cloud environments such as AWS, GCP, or Azure, ideally within a security program.
- 3+ years of experience with cloud-native development and architecture, leveraging services and tools specific to AWS, GCP, and Azure.
- 3+ years of proficiency with Python for testing, automation, and custom tool development.
- 3+ years of proficiency with Terraform for infrastructure automation and security control deployment.
- 3+ years of experience with software testing methodologies and tools.
- 3+ years of experience with DevOps tools and practices, including automated build, test, and deployment processes.
- 2+ years of hands-on experience with Open Policy Agent (OPA) and policy enforcement.
- 2+ years of experience in detection engineering, including detection-as-code practices and development/maintenance of detection rules.
- 2+ years of experience with SIEM query languages such as Splunk SPL, and familiarity with rule formats such as YARA.
- Bachelor's degree, preferably in Computer Science, Information Technology, Computer Engineering, or related IT discipline; or equivalent experience.
- Limited immigration sponsorship may be available.
- Must be able to start by 8/17/2026.
- Ability to work in a Hybrid model - minimum of 3 days onsite at the client location in Dallas, TX.