Cloud Security Engineer
Security Risk Advisors · Philadelphia, PA · Yesterday
On-siteEngineering$90k–$130k/yrFull-time
About the role
This role is responsible for designing, implementing, and maintaining security controls across SRA's multi-cloud environment, spanning Microsoft Azure/Entra ID, Google Cloud Platform (GCP), and Amazon Web Services (AWS). The Cloud Security Engineer will work closely with internal IT, security operations, and engineering teams to ensure cloud infrastructure is deployed and maintained in a secure, compliant, and resilient manner.
Responsibilities
- Design, implement, and maintain cloud security architectures across Azure/Entra ID, GCP, and AWS environments.
- Administer and continuously improve cloud identity and access management (IAM) policies, roles, and privilege models across all three platforms.
- Monitor cloud environments for misconfigurations, threats, and vulnerabilities using cloud-native and third-party security tooling (e.g., Defender for Cloud, Security Command Center, AWS Security Hub).
- Operationalize cloud vulnerability and patch management processes, ensuring timely remediation of identified risks.
- Implement and maintain Cloud Security Posture Management (CSPM) solutions to enforce security baselines and compliance standards.
- Develop and enforce cloud security policies, standards, and guardrails (e.g., Azure Policy, GCP Organization Policies, AWS SCPs).
- Collaborate with engineering and DevOps teams to embed security into CI/CD pipelines and infrastructure-as-code (IaC) workflows.
- Create and maintain technical documentation for cloud security architectures, configurations, and operational procedures.
- Research and evaluate emerging cloud security technologies and provide recommendations for adoption.
- Develop detection content and security analytics in SRA's internal SOC applicable to cloud environments.
Requirements
- In-depth understanding of: Microsoft Azure and Entra ID, including conditional access, PIM, and Defender for Cloud
- Google Cloud Platform (GCP) security services, including Security Command Center, IAM, and VPC Service Controls
- Amazon Web Services (AWS) security services, including IAM, GuardDuty, Security Hub, and AWS Config
- Cloud identity and access management principles and zero trust architecture
- Relevant cloud security certifications preferred (e.g., AZ-500, SC-100, Google PCSE, AWS Security Specialty)
Skills
- Working knowledge of: Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP)
- Infrastructure-as-Code (IaC) tools such as Terraform, Bicep, or CloudFormation
- Networking concepts as applied to cloud environments (VPCs, peering, private endpoints, firewalls)
- Siem and EDR technologies in cloud-integrated environments
- CI/CD pipeline security and DevSecOps practices
- Organizing or supporting penetration testing, purple team exercises, or cloud-focused security assessments
- Compliance frameworks relevant to cloud environments (e.g., CIS Benchmarks, NIST CSF, SOC 2)
- Moderate experience with: Scripting and automation using Python, PowerShell, or Bash
- Absorption and application of emerging cloud security technologies
Benefits
- Company-paid external training
- Mental health services through BetterHelp
- Generous medical, dental, and vision benefits
- Company-paid disability and life insurance
- Company 401(k) plan including annual 3% safe harbor contribution
- Free patient advocacy service
- Free financial advising
- Broad parental leave, sick leave, and vacation policies
- Company-paid cell phone with discounted accessories
- 1-2-3 Give Program
Pay
$90k - 130k
Schedule
Full-time, Monday through Friday 8:30am to 5pm. Occasional evening and weekend work may be required as job duties demand.