Principal Cloud Security Engineer

Position Summary:

We are seeking an experienced and proactive DevSecOps engineer with expertise in AWS and AZURE Platforms to join our Cybersecurity Application Platform Security Team. This role combines expertise in AWS & AZURE platforms security with a strong foundation in DevSecOps practices to ensure the ‘secure by design’, ‘secure by default’ principles throughout development, deployment, and operation of AWS & AZURE platforms. The ideal candidate will have hands-on experience with Cybersecurity platforms, with a deep understanding of AWS & AZURE cloud platforms. This position plays a critical role in assisting customer portfolio teams to secure SaaS, PaaS platforms, maintain compliance and availability.

DevSecOps engineer role responsible for security automation of cloud services.

Job Responsibilities

• Secure the AWS & AZURE Platform: Implement best practices to ensure AWS & AZURE applications are “secure by design” and “secure by default” protecting sensitive data and workflows. 

• Provide guidelines on usage of AppExchange / Vendor products versus using out of box capabilities with a keen eye for cybersecurity risk.

• Risk Identification & Mitigation: Proactively identify security risks across the AWS & AZURE ecosystem and implement solutions to address vulnerabilities.  

• DevSecOps Enablement: Drive DevSecOps practices within the organization by embedding security into the development lifecycle of AWS & AZURE applications.

• Collaboration with Stakeholders: Partner with various customer portfolio teams to influence their roadmaps, ensuring security is a foundational element in their strategies.  

• Data Security & Compliance: Ensure compliance with data protection regulations and implement robust data security measures within AWS & AZURE and integrated systems.  

• Cloud Integration Expertise: Leverage your knowledge of AWS & AZURE to secure integrations

• Continuous Improvement: Stay up to date on emerging threats, trends, and technologies in application security to continuously improve our security posture.  

• Communication & Advocacy: Act as a trusted advisor on security matters, effectively communicating complex technical concepts to both technical and non-technical stakeholders.  

Qualifications

We’re looking for someone with:  

• Recent 5+ years of experience in IT focused on DevSecOps, DevOps or Security Engineering roles.

• Recent 3+ years of shell scripting, aws-cli, python, lambda.

• Recent 1+ years of Terraform deployments and Terraform templates (Infrastructure as Code).

• Knowledge of and experience with CI/CD technologies.

• Knowledge of and experience with continuous security practices.

• Knowledge of infrastructure automation and infrastructure as code.

• Demonstrated ability to integrate security practices into AWS & AZURE applications.

• Proficiency in data protection techniques such as encryption, tokenization, and access controls.

• Bachelor’s degree in computer science, Information Security, or a related field.

Desired Skills  

• Experience with Salesforce, SAP, and MuleSoft architecture, development, and administration with a focus on platform security (e.g., profiles, roles, permissions, encryption).

• Excellent Communication Skills: Ability to clearly articulate security concepts to diverse audiences, including engineers, product managers, and executives.  

• Collaboration & Influence: Proven ability to work cross-functionally with teams to align on security priorities and influence roadmaps.  

Preferred Technical Skills/ Qualifications

• Relevant certifications in Cybersecurity – SSCP, CISSP, CISM preferred.

• AWS certifications (e.g., AWS Certified Solutions Architect or AWS Certified Security Specialty).  

• AZURE certifications.

• Experience with regulatory frameworks like GDPR, CCPA, or HIPAA.

• The ideal candidate will be passionate about security, have a proactive mindset, and be able to balance security requirements with business needs. They should be comfortable working in a fast-paced environment and be able to adapt to evolving security threats and technologies

Salary Range

• Please note that the salary information provided herein is base pay only (gross); it does not include other forms of compensation which may or may not apply to this specific position, namely, performance-based bonuses, benefits-related payments, or other general incentives - none of which are guaranteed, may be subject to specific eligibility requirements, and are wholly within the discretion of Astreya to remit.
• Further, the salary information noted above is a range that consists of a minimum and maximum rate of pay for this specific position. Where an applicant or employee is placed on this range will depend and be contingent on objective, documented work-related considerations like education, experience, certifications, licenses, preferred qualifications, among other factors.

Astreya offers comprehensive benefits to all Regular, Full-Time Employees, including:

• Medical provided through Cigna (PPO, HSA, EPO options) / Medical provided through Kaiser (HMO option only) for California employees only

• Dental provided through Cigna (DPPO & DHMO options)

• Nationwide Vision provided through VSP

• Flexible Spending Account for Health & Dependent Care

• Pre-Tax Account for Commuter Benefit/Parking & Transit (location-specific)

• Continuing Education and Professional Development via various integrated platforms, e.g. Udemy and Coursera

• Corporate Wellness Program

• Employee Assistance Program

• Wellness Days

• 401k Plan

• Basic Life, Accidental Life, Supplemental Life Insurance

• Short Term & Long Term Disability

• Critical Illness, Critical Hospital, and Voluntary Accident Insurance

• Tuition Reimbursement (available 6 months after start date, capped)

• Paid Time Off (accrued and prorated, maximum of 120 hours annually)

• Paid Holidays

• Any other statutory leaves, paid time, or other fringe benefits required under state and federal law