Principal AWS Cloud Security Engineer #15222

Purpose Of The Job

Our client is seeking a Principal AWS Cloud Security and Compliance Engineer with extensive hands-on experience in securing cloud environments at scale. This role is ideal for a seasoned security expert who thrives on designing, implementing, and managing cloud security controls, ensuring compliance with industry standards, and mitigating security risks across AWS infrastructure. The ideal candidate will bring a deep understanding of AWS security services, regulatory compliance frameworks, and cloud-native security best practices.

Main Tasks And Responsibilities

Security Architecture & Design: Lead the design and implementation of secure AWS architectures, ensuring compliance with security frameworks and industry best practices

Governance & Compliance: Develop, enforce, and monitor compliance with SOC 2, ISO 27001, NIST, CIS, FedRAMP, PCI-DSS, HIPAA, and other security standards

Cloud Security Operations: Implement and manage AWS security services such as AWS IAM, AWS KMS, AWS GuardDuty, AWS Security Hub, AWS Macie, AWS Config, AWS WAF, and AWS Shield

Threat Detection & Incident Response: Develop SIEM integrations, monitor security logs, investigate incidents, and lead incident response efforts to mitigate threats

Automation & Infrastructure Security: Implement Infrastructure as Code (IaC) security policies using Terraform, AWS CloudFormation, or AWS CDK. Automate security monitoring and compliance reporting

Identity & Access Management (IAM): Define and enforce least privilege access controls, manage AWS Organizations and Service Control Policies (SCPs)

DevSecOps & CI/CD Security: Embed security into the CI/CD pipeline, ensuring secure deployment practices across cloud workloads

Security Risk Assessments: Perform cloud security risk assessments, threat modeling, and penetration testing to identify and mitigate vulnerabilities

Security Awareness & Training: Mentor engineering teams on secure coding, cloud security best practices, and AWS security controls

Stakeholder Collaboration: Work with engineering, compliance, and business teams to align security strategies with organizational goals

Education, Skills And Experience

MUST HAVE:

10+ years of hands-on experience in cybersecurity, cloud security, and compliance, with at least 5 years in AWS security

Expert-level knowledge of AWS security services, architecture, and best practices. Deep understanding of compliance frameworks (e.g., SOC 2, ISO 27001, NIST, FedRAMP, PCI-DSS, HIPAA)

Experience with AWS IAM, VPC security, AWS WAF, KMS, CloudTrail, Config, Security Hub, Macie, and GuardDuty

Proficiency in SIEM solutions, security automation, and cloud-native security tools

Hands-on experience with IaC security (Terraform, CloudFormation), container security (EKS, ECS), and serverless security

Strong background in DevSecOps, securing CI/CD pipelines, and integrating security into cloud-native development

Expertise in identity & access management (IAM), RBAC, MFA, and Zero Trust security models

Experience with incident response, threat detection, and forensic analysis in AWS

Proficient in scripting and automation (Python, Bash, or PowerShell)

Strong communication skills with the ability to influence technical and non-technical stakeholders

Would Be a Plus

AWS Certified Security – Specialty or AWS Certified Solutions Architect – Professional certification

Experience in multi-cloud security (AWS, Azure, GCP)

Familiarity with security risk management frameworks (e.g., MITRE ATT&CK, OWASP, CIS Benchmarks)

Knowledge of AI/ML security, API security, and data protection strategies