Tech Stack
Ansible, AWS, Azure, Cloud, Firewalls, Flux, Go, Google Cloud Platform, Kubernetes, Linux, Packer, Python, Terraform
About the role
- Embed security into every stage of the infrastructure lifecycle, from design to deployment
- Design and implement scalable cloud security controls in AWS multi-account environments
- Lead Kubernetes security architecture, including PodSecurity, RBAC, and network policies
- Enforce zero trust network architecture and secure segmentation across cloud and hybrid environments
- Integrate security automation into CI/CD pipelines (image scanning, SAST, IaC analysis)
- Deploy and manage endpoint and vulnerability management tools such as CrowdStrike and Tenable
- Continuously monitor infrastructure for vulnerabilities, threats, and misconfigurations
- Enforce least privilege IAM policies and secure secrets management
- Conduct regular audits, penetration testing, and hardening of cloud workloads and host systems
- Conduct network traffic inspection using VPC Flow Logs, packet capture, or NetFlow
- Tune and respond to alerts from WAF, IDS/IPS, and SIEM systems
- Collaborate with DevOps and IP teams on security-as-code principles and secure-by-default practices
- Document security controls, incident response playbooks, and operational runbooks
- Champion a security-first culture through collaboration, training, and awareness
- Proactively identify risks, secure network perimeters, and automate remediation where possible
Requirements
- A minimum of 5 years in DevSecOps, Cloud Security, or Infrastructure Security roles
- Strong expertise in AWS security services (IAM, KMS, GuardDuty, Config, Security Hub, etc.)
- In-depth understanding of network security principles (firewalls, routing, segmentation, VPNs, IPsec, etc.)
- Proven hands-on experience with Kubernetes security (RBAC, NetworkPolicies, OPA/Gatekeeper, Admission Controllers)
- Experience operating CrowdStrike Falcon and Tenable Nessus / Tenable.io
- Experience with WAFs, DDoS protection, NIDS/NIPS, and threat intelligence integrations
- Comfortable with packet inspection, flow analysis, and traffic monitoring (tcpdump, Wireshark, Suricata, etc.)
- Proficiency in Infrastructure as Code (Terraform, Terragrunt) and configuration management (Ansible, Packer)
- Strong scripting/programming skills (Python, Go, or Bash) for automation and tooling
- Solid understanding of Linux security hardening and secure cloud networking
- Familiarity with service mesh security in Istio or similar
- Experience with GitOps workflows using tools like Argo CD or Flux
- Understanding of vulnerability management, secure software development lifecycle (SSDLC), and security controls for containers
- Exposure to compliance frameworks like ISO 27001, SOC2, NIST, PCI-DSS is a plus
- Excellent analytical and problem-solving skills with a proactive mindset
- Certifications such as AWS Certified Security Specialty, CKS, OSCP, or CISSP are a plus
- Experience with multi-cloud security (Azure/GCP)
- Background in ethical hacking, bug bounty programs, or red teaming
- Familiarity with tools like Falco, Sysdig, Trivy, or eBPF-based runtime security tools