xelys jobs

Cloud Security Engineer

WorkWave

senior | permanent | security | devops | United States | 49 days ago via LinkedIn

Tags

Cloud Security, AWS, Azure, IAM, Terraform, Kubernetes, EKS, ECS, SOC 2, ISO 27001

About the role

Role Overview

WorkWave is seeking a proactive, hands-on Cloud Security Engineer to be the primary security partner for Engineering and DevOps. You’ll bridge security architecture and day-to-day execution, building automated guardrails and secure foundations for AWS (primary) and Azure (secondary), with limited GCP.

Responsibilities

Cloud governance & guardrails (AWS focus)

  • Lead deployment/optimization of AWS Control Tower, AWS Security Hub, and AWS WAF for a secure multi-account strategy.

Cloud security platform ownership

  • Own cloud security outcomes across AWS (primary), Azure (secondary), and limited GCP:
    • Secure landing zone standards
    • Guardrails-as-code
    • Detection coverage and remediation automation

Secure-by-default engineering enablement

  • Design reusable secure cloud patterns so engineering teams can deploy safely without constant security intervention.
  • Build hardened Terraform modules, reference architectures, and baseline configurations.

Container security

  • Partner with the AppSec Architect to secure EKS and ECS with:
    • Runtime protection
    • Image scanning
    • Least-privilege orchestration

Security assessment & roadmap

  • Perform baseline assessments of current cloud security posture.
  • Provide actionable, prioritized recommendations.

Identity & Access Management (IAM)

  • Lead least-privilege IAM architecture across AWS accounts and workloads.

Operational excellence

  • Maintain secure configuration standards, documentation, and operational procedures for secure cloud deployments.

Detection & telemetry ownership

  • Ensure cloud telemetry is complete, centralized, and actionable (e.g., CloudTrail, GuardDuty, VPC Flow Logs).

Security & compliance alignment

  • Ensure controls align with internal security standards and external compliance requirements (e.g., ISO 27001, SOC 2).
  • Work with Security and GRC teams to implement audit-ready controls and automate evidence collection where possible.

Third-party integration management

  • Manage secure access/configuration for security vendor tools (vulnerability scanners, assessment platforms, etc.).

Incident response

  • Participate in an on-call rotation (one week at a time) and act as primary SME for cloud security incidents (IAM compromise, exposed keys, misconfigurations, etc.).

Vulnerability & exposure management

  • Build and run vulnerability management for AWS/Azure workloads, container images, and base AMIs.
  • Define severity-based SLAs.
  • Implement scalable scanning and patch workflows (e.g., AWS Inspector, ECR scanning, hardened base images).
  • Partner with Engineering to reduce exploitable exposure.

Cloud security tooling ownership

  • Own onboarding, coverage validation, and tuning of CSPM and MDR integrations across AWS/Azure/GCP.
  • Improve signal quality, alert fidelity, and remediation workflows through automation.

Secrets, keys, and credential hygiene

  • Design and enforce secure secrets management patterns (e.g., AWS Secrets Manager/Parameter Store and/or Vault), automated rotation, and least-privilege secret access.
  • Own KMS key strategy and governance (policies, grants, rotation, separation of duties).
  • Ensure no long-lived credentials in CI/CD.

CI/CD and supply chain security

  • Secure the software delivery pipeline end-to-end, including identity federation for CI/CD.
  • Enforce policy-as-code for Terraform and Kubernetes (text cut off after “artifact”).

About WorkWave

WorkWave is a technology company focused on building software for transportation and field service operations. It partners with Engineering and DevOps teams to deliver reliable engineering outcomes across cloud environments, with an emphasis on security, compliance, and operational excellence.

Scraped 4/1/2026
