xelys jobs

Senior Infrastructure Security Engineer

Prometheum

full-remote, senior, permanent, security, devops | New York, NY | Yesterday via LinkedIn
160,000 - 185,000 USD/annual

Tags

AWS, Terraform, Terragrunt, Cloudflare Zero Trust, Cloudflare, IAM, Incident Response, CI/CD, GitHub Actions, Kyverno

About the role

Role Overview

Senior, hands-on Infrastructure Security Engineer joining Prometheum’s consolidated security function (cloud infrastructure, security operations, and regulatory compliance). The role has broad ownership and direct access to leadership while the security program is actively being matured.

Responsibilities

  • Design and maintain secure AWS infrastructure using Terraform and Terragrunt, focusing on IAM least privilege, account isolation, and security guardrails.
  • Secure AWS networking, including VPC segmentation, Transit Gateway architecture, PrivateLink for service isolation, Network Firewall, and Route 53 Resolver DNS security.
  • Manage Cloudflare infrastructure: DNS, WAF, and edge compute.
  • Architect and operate Cloudflare Zero Trust, including Access policies, Tunnel configuration, Gateway egress filtering, and DNS security policies (plus WARP client deployment).
  • Manage and tune AWS-native security tooling: GuardDuty, Security Hub, AWS Config, Inspector, CloudTrail, and WAF.
  • Integrate security controls into CI/CD using GitHub Actions (SAST, DAST, container image scanning, dependency vulnerability checks, secrets detection).
  • Enhance container/workload security with image signing, Kyverno admission controllers, runtime policies, and strong base image hygiene.
  • Own vulnerability and patch lifecycle across Docker images, Helm charts, Terraform modules, and application packages.
  • Security monitoring and incident response: SIEM/log aggregation pipelines, alert tuning, root cause analysis, and post-mortem documentation.
  • Coordinate vulnerability assessments and track findings through remediation.
  • Automate compliance checks and drift detection using infrastructure scanning and policy-as-code tooling.
  • Participate in on-call rotation for security and infrastructure incidents.
  • Support SEC and FINRA compliance by implementing and documenting technical controls and partnering with legal/compliance teams during audits.
  • Document security architecture, access controls, and infrastructure patterns for audit readiness.

Requirements

  • 7+ years in information technology or cloud infrastructure.
  • 5+ years in infrastructure, security engineering, or DevOps, with meaningful hands-on overlap across all three.
  • Strong AWS security expertise across: IAM, VPC, GuardDuty, Security Hub, Config, CloudTrail, Secrets Manager, KMS, Network Firewall, PrivateLink.
  • Production experience with Cloudflare Zero Trust (Access, Tunnel, Gateway) including WARP.

Nice-to-haves

  • Experience in a lean, regulated environment and comfort with broad scope across security and compliance.
  • Familiarity with policy-as-code tooling and container security best practices (image signing, runtime policy enforcement).

About Prometheum

Prometheum is a fintech company founded in 2017 that leverages securities law, blockchain, and trading expertise to build a compliant ecosystem for digital asset securities. It has developed broker-dealers and a large technology stack spanning trading, blockchain, and compliance.

Scraped 5/16/2026
