Cloud Security Engineer

Who You Are:
You are a cloud security specialist with a strong background in AWS environments. You have a deep understanding of AWS security services, cloud architecture, and best practices to protect sensitive data and mitigate risks. You enjoy collaborating with cross-functional teams to ensure security is embedded throughout the cloud lifecycle from design to deployment and monitoring. You are proactive, detail-oriented, and passionate about staying ahead of emerging security threats.
Does this sound like you? If so, keep reading and apply today!

What You'll Do:

• Design and implement security controls and configurations for AWS services, including EC2, S3, VPC, IAM, EKS, Lambda, RDS, and more.
• Conduct risk assessments, vulnerability scans, and penetration testing on AWS infrastructure to identify and remediate security gaps.
• Develop and enforce IAM policies, roles, and permissions to ensure least-privilege access across AWS environments.
• Configure and manage AWS security tools such as AWS Security Hub, GuardDuty, CloudTrail, AWS Config, and Inspector to monitor and respond to threats.
• Implement encryption mechanisms for data at rest and in transit using AWS KMS (Key Management Service) and other cryptographic tools.
• Collaborate with DevOps teams to integrate security into CI/CD pipelines using tools like AWS CodePipeline and third-party solutions.
• Respond to security incidents, perform root cause analysis, and recommend corrective actions to prevent recurrence.
• Ensure compliance with industry standards and regulations (e.g., SOC 2, ISO27001) within AWS environments.
• Stay up-to-date with emerging cloud security threats, AWS updates, and best practices to proactively enhance security posture.
• Document security processes, architectures, and incident reports for internal and audit purposes.

What You Have:

• 3+ years of experience in cloud security, with at least 2 years focused on AWS environments.
• Strong knowledge of AWS security services (e.g., IAM, GuardDuty, CloudTrail, KMS, WAF) and their practical application.
• Experience with infrastructure-as-code (IaC) tools like Terraform or AWS CloudFormation for secure deployments.
• Familiarity with scripting languages (e.g., Python, Bash) for automation of security tasks.
• Understanding of networking concepts (e.g., VPC, subnets, security groups, NACLs) and their security implications in AWS.
• Proven ability to conduct threat modeling, vulnerability management, and incident response in cloud environments.
• Excellent problem-solving skills and attention to detail.
• Strong communication skills to collaborate with technical and non-technical stakeholders.

Extras you bring:

• Experience with container security (e.g., Docker, Kubernetes) in AWS ECS or EKS.
• Familiarity with compliance frameworks and audit processes.

Why Join Polly?

• We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates 
• You will have an impact on the design, architecture and implementation of markets that are often called the engine of US economy
• We value drive for excellence, independent thinking, teamwork and curiosity
• You will work with both government backed and industry leading companies to create a digital pipeline that facilitates real time trading of loans
• We have an experienced leadership team that previously built large and impactful platforms 
• Outstanding opportunity for professional growth and upward mobility 
• Direct engagement with the decision makers and senior business leaders 
• Competitive salaries
• 100% paid medical/vision/dental/disability/life insurance 
• Unlimited PTO
• Hybrid environment; 3x weekly in an innovation hub in San Francisco or Dallas

Let’s get to know each other.
Polly is transforming the mortgage industry with its modern, data-driven capital markets ecosystem. Banks, credit unions, and mortgage lenders nationwide trust Polly’s revolutionary Product and Pricing Engine (PPE), Loan Trading Exchange, and actionable data and analytics to automate and optimize the entire capital markets value chain, helping their secondary teams operate faster, smarter, and more profitably. Polly was founded in 2019 by a seasoned team of technology and mortgage experts and is headquartered in San Francisco, California. 
To learn more, follow Polly on LinkedIn or visit www.polly.io.  Polly is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, age, color, national origin, religion, sex, gender identity, sexual orientation, marital status, pregnancy status, disability status, veteran status, or any other legally protected status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Beware of recruitment scams impersonating Polly brand or employees. Our team communicates only through official Polly channels, and we will never ask for sensitive information over text or conduct text-only interviews. If you are ever suspicious or in doubt, reach out to us directly at peopleteam@pollyex.com.  We care deeply about this network and your experience.