Cloud Security Engineer
Location: Fountain Valley, California
Compensation: Base salary range negotiable + eligible for performance-based incentives
Job Description
We are seeking a proactive and skilled Cloud Security Engineer to design, implement, and manage security controls and best practices within our cloud environment, with a primary focus on AWS. This role is critical to protecting cloud infrastructure, applications, and data by leveraging a wide range of security tools and platforms, including CWPP, CSPM, Firewall, and Database Access Control (DAC) solutions.
Key Responsibilities
- Cloud Security Posture Management (CSPM): Configure, monitor, and manage AWS security services (e.g., AWS Config, Security Hub, GuardDuty) to ensure compliance and detect misconfigurations.
- Cloud Workload Protection (CWPP): Secure workloads such as containers, VMs, and serverless functions using CWPP solutions.
- Network & Web Application Firewalls: Design, deploy, and maintain security policies/rules on Cloud Firewall and WAF to mitigate threats and exploits.
- Incident Response: Investigate incidents, perform root cause analysis, and drive remediation efforts.
- Automation: Build and maintain security automation scripts/tools (Python, Bash, PowerShell) to streamline operations.
- Vulnerability Management: Conduct vulnerability scanning/penetration testing; partner with teams to remediate.
- Policy & Compliance: Define and enforce security policies, standards, and best practices for regulatory frameworks (SOC 2, ISO 27001).
- Access Management: Manage IAM policies, roles, and accounts to enforce least privilege, including DAC tools like ChakraMax.
- Threat Modeling: Contribute to architecture reviews and integrate security early in solution design.
- Qualifications
Required:
- 3+ years in a dedicated cloud security role.
- Strong knowledge of AWS security services (IAM, Security Hub, GuardDuty, Config, Firewall, WAF, Inspector).
- Hands-on experience with CWPP, CSPM, and DAC tools (e.g., ChakraMax).
- Proficiency in scripting and automation (Python, CloudFormation, Terraform).
- Solid networking and security protocol expertise.
- Familiarity with OWASP Top 10 vulnerabilities.
- Strong problem-solving, communication, and collaboration skills.
- Bilingual Korean.
