Staff AWS Cloud Security Engineer

Foster CityFull-timelead

EngineeringSecuritySecurity EngineerCloud Security EngineerCybersecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

Zoox Cybersecurity is seeking a AWS Cloud Security Engineer to lead the design and implementation of secure, scalable, and software-defined infrastructure in our AWS cloud environment.

Technical Tools

EngineeringSecuritySecurity EngineerCloud Security EngineerCybersecurity

Zoox Cybersecurity is seeking a AWS Cloud Security Engineer to lead the design and implementation of secure, scalable, and software-defined infrastructure in our AWS cloud environment. This role is responsible for establishing best-in-class security practices across AWS, driving automation-first infrastructure security, and partnering with engineering and platform teams to embed security into every layer of our technology stack. You’ll act as a security champion, ensuring that infrastructure designs meet the highest standards of confidentiality, integrity, and availability. While maintaining operational efficiency and scalability through Infrastructure as Code (IaC). This role requires a strategic thinker with deep technical expertise in cloud security architecture, network security principles, and cloud-native vulnerability management.

The ideal candidate will blend hands-on technical skills with leadership capabilities to guide both security initiatives and team development.

Cloud Security Engineering and Architecture

Design and implement enterprise-grade AWS security architectures using zero-trust principles

Develop organization-wide security standards for IAM, VPC configurations, and data protection mechanisms

Architect multi-account AWS environments with Security Hub, GuardDuty, and AWS Config integrations

Lead Cloud Security Posture Management (CSPM) initiatives using Infrastructure-as-Code (Terraform/CloudFormation)

Network Security

Design and support secure network architectures using AWS constructs (TGW, GWLB, Firewalls)

Implement layered defenses with WAF, Firewalls, Security Groups, and Network ACLs

Optimize security controls for hybrid cloud environments and SD-WAN integrations

Cloud Vulnerability Management

Establish risk-based vulnerability prioritization frameworks for cloud assets

Develop automated remediation pipelines using CI/CD tools and OPA policies

Conduct attack surface analysis through cloud-specific threat modeling

Leadership Expectations

Mentor a team of 2 or more Cloud Security Analysts

Lead cross-functional collaboration with SRE, ProdSec, IT, and Software Engineering teams

Develop security training programs and cloud security certification paths

Oversee vendor relationships for cloud security tooling and services

Proven experience developing security analysts through mentorship

Strong background in creating security policy frameworks and technical documentation

10+ years of Security Engineering experience supporting production and/or DevOps environments, both Cloud and On-premises, along with proficiency with security automation using Python/Go and/or Terraform

Experience implementing, administering, and supporting Cloud platform system/network vulnerability scanning tool(s), and development of microservice-based architectures

Deep understanding of NIST CSF, MITRE ATT&CK Cloud Matrix, and CIS AWS Benchmarks

Strong understanding of vulnerability scoring frameworks and business risk decision making

Experience with: hybrid enterprise environments (cloud plus on-premises data centers); DevOps tools, artifact repositories, and Infra-as-code technology; dashboard technologies.

Expert-level AWS security implementation experience

AWS Certifications / AWS Certified Security - Specialty

XSOAR (preferably Palo Alto Networks) and general automation development experience Experience with shell scripting, API usage and integration in Linux and Windows

Palo Alto Networks Certified Security Engineer