Jobs · Information Technology · Florida

Senior Engineer, Cloud Security

PayCargo · Miami, FL · 1 wk ago
On-siteInformation TechnologyFull-time

About PayCargo

PayCargo is the world's leading online payment solution that revolutionizes the shipping and cargo world. It provides a fast and efficient way to reduce costs associated with payment processing, improving the speed and profitability of its customers' businesses.

About The Role

The Senior Engineer, Cloud Security is responsible for strengthening and operating PayCargo's security controls across a modernizing platform that spans legacy systems, a multi-account AWS environment, Microsoft Entra ID, GitHub/ZenHub workflows, GitHub Actions pipelines, and a growing set of secure AI platform requirements.

  • Monitor the perimeter, cloud, and endpoint environments for threats, misconfigurations, and anomalous activity across AWS and Microsoft Entra ID.
  • Operate and tune security tooling, including CrowdStrike, Microsoft Defender, and CloudWatch and SNS logging and alerting.
  • Triage security alerts, drive incident response, and lead root cause analysis with clear, durable follow-up.
  • Maintain and improve on-call and escalation workflows (e.g., PagerDuty) so security events are handled consistently.
  • Run periodic access reviews and enforce least privilege across AWS IAM and IAM Identity Center, Microsoft Entra ID, and SaaS platforms.
  • Strengthen RBAC/ABAC, MFA, and SSO, SAML2, and OAuth2/OIDC patterns across internal and customer-facing systems.
  • Reduce standing access and broad repository or local admin privileges in favor of bounded, auditable access.
  • Operate the federated access model, including SAML-based assumed access to AWS (via CommonFate Granted) and GitHub OIDC for pipelines, so people and CI receive least-privilege, time-bound access without static credentials.
  • Administer Entra ID groups and the Tailscale ACLs that gate network access.
  • Govern dependency and supply-chain risk using Dependabot and approved-package practices, and keep secrets in AWS Secrets Manager and SSM Parameter Store.
  • Support SOC 1 Type 2, SOC 2, and PCI DSS obligations by owning the implementation of controls and the evidence behind them.
  • Coordinate penetration testing, remediation tracking, and verification of fixes.
  • Produce clean, repeatable audit evidence and reduce last-minute audit scrambles.
  • Translate compliance requirements into operational controls engineers can follow without constant guidance.
  • Secure AI Platform Support: Help enforce containment for AI and model usage, including stateless model access, whitelisted egress, and approved destinations.
  • Support tokenization and PII-protection patterns so sensitive data is not exposed to model providers.
  • Review AI-assisted workflows and applications for security boundaries, logging, and blast-radius reduction.
  • Cross-Functional Partnership: Partner with DevOps and Engineering to embed security into the Terraform and GitHub Actions pipelines, environments, and deployment paths.
  • Work with Compliance on audits and frameworks (SOC, PCI, ISO 27001) and on auditor-facing reporting.
  • Advises Product and Architecture on secure-by-design patterns and practical trade-offs.
  • Implements and operates the security controls, boundaries, and egress rules defined in the platform architecture owned by the Director of Cloud & AI Platform Architecture.
  • Provide clear status, escalate risks early, and document controls, runbooks, and decisions.

Required Qualifications

  • 5+ years of hands-on security engineering, cloud security, or security operations experience preferred.
  • Strong working knowledge of AWS security and identity services, plus an enterprise identity provider such as Microsoft Entra ID or Okta.
  • Practical experience with SOC and/or PCI DSS controls, audits, and evidence.
  • Strong understanding of IAM, RBAC/ABAC, MFA, SSO, SAML2, OAuth2/OIDC, JWT, including common failure modes, and least-privilege design.
  • Experience with incident response, logging and alerting, and root cause analysis.
  • Ability to convert security and compliance requirements into repeatable operational controls.
  • Strong communication and documentation skills, and the ability to influence without direct authority.
  • Demonstrated experience operating production security controls in cloud environments.
  • Experience supporting SOC, PCI, or comparable audits and frameworks.
  • Payments, fintech, SaaS, or logistics experience is a plus.

Preferred Qualifications

  • Security certifications such as CISSP, CISM, CCSP, or equivalent.
  • Familiarity with secure AI/LLM patterns, data tokenization, and egress control.
  • Experience securing CI/CD pipelines (GitHub Actions), GitHub/ZenHub, and Terraform-based infrastructure-as-code.
  • Experience with zero-trust network access such as Tailscale or Zscaler, and SSO brokers such as CommonFate Granted.
  • Familiarity with ISO 27001 and SaaS security posture management.

Similar jobs