Senior Cloud Security Engineer
Vanguard · Dallas, TX · 6 days ago
HybridInformation TechnologyFull-time
About the role
The Senior Cloud Security Engineer is responsible for defining and owning the technical architecture for CSPM tooling, automation platforms, and integration frameworks. They design system-level patterns and drive architectural decisions on platform extensibility, service boundaries, and data ownership. They lead technical design reviews and mentor engineers on the team.
Responsibilities
- Defines and owns the technical architecture for CSPM tooling, automation platforms, and integration frameworks — ensuring they scale reliably across thousands of cloud accounts and multiple business units.
- Designs system-level patterns (event-driven pipelines, API contracts, data models) that other engineers build on — establishing the foundational approach for how security findings flow from detection through prioritization to remediation.
- Drives architectural decisions on platform extensibility, service boundaries, and data ownership — balancing near-term delivery against long-term maintainability as the program grows.
- Architects auto-remediation and shift-left enforcement systems that operate at org scale — designing for fault tolerance, auditability, and graceful degradation when upstream systems change.
- Evaluates and selects tooling, frameworks, and integration patterns that the broader team adopts — owning the technical standards for how CSPM systems connect to enterprise infrastructure (CI/CD, CMDB, ITSM, identity providers).
- Promotes alignment on shared interfaces, data contracts, and remediation workflows that reduce friction at organizational boundaries by partnering with engineering leadership across Platform, DevOps, SRE, and application security teams.
- Leads technical design reviews and mentors engineers on the team — raising the bar on code quality, system thinking, and operational readiness.
- Shapes the technical roadmap for AI-assisted security capabilities — evaluating where machine learning and LLM-based automation can meaningfully reduce risk or operational burden, and architecting the systems to deliver them.
Qualifications
- Minimum of five years related work experience required, with two years experience in cloud security preferred.
- Undergraduate degree in a related field or the equivalent combination of training and experience.
- Proficiency in Python, Go or TypeScript – production-grade, not just scripting.
- Strong background in distributed systems concepts: event-driven architectures, async processing, API design, observability.
- Hands-on experience across at least one of: AWS, GCP, Azure — at the level of org-wide account structures, landing zones, and cross-account security patterns and IAM at scale.
- Track record of influencing technical direction beyond your immediate team.