Take ownership of cloud security work across GCP and Azure, from design through day-to-day execution, working closely with infrastructure, platform, data, and application teams.
Run our data security and vulnerability management efforts, including DLP, sensitive data discovery, and remediation tracking across both cloud environments.
Build and maintain security automation using IaC (Terraform) and CI/CD pipelines so security controls are consistent, auditable, and easy for engineering teams to adopt.
Own and evolve our cloud security posture tooling (Wiz) tuning policies, investigating real risks, cutting down noise, and driving fixes that actually reduce exposure.
Regularly review cloud configurations, identify gaps, and fix issues before they turn into incidents, while owning infrastructure security controls tied to PCI and SOC 1/2.
Write and maintain clear cloud security standards and runbooks that engineers can actually follow.
Improve detection and response by building practical detections and response playbooks in Chronicle SIEM.
Act as a senior escalation point during incidents, helping teams triage, contain, and resolve cloud security issues.
Mentor other engineers and help raise the overall security bar without creating friction or silos.

Requirements

5+ years of hands-on cloud or infrastructure security experience, with real production experience in both GCP and Azure.
5+ years of experience with security assessments, security design reviews, or threat modeling.
Strong understanding of cloud fundamentals; IAM, networking, logging, monitoring, encryption and how security failures actually happen in cloud environments.
Experience delivering comprehensive security solutioning through design, coding, configuration and deployment.
Solid Python skills for automation, integrations, and reducing manual security work.
Practical experience using Terraform and security-as-code, including integrating security checks into CI/CD pipelines.
Hands-on experience with Wiz or similar CNAPP tools, with the ability to distinguish real risk from noise and drive remediation.
Experience writing or tuning detections in Chronicle SIEM and understanding how cloud threats show up in logs.
Background in vulnerability management, including prioritization, remediation tracking, and working with engineering teams to get fixes shipped.
Familiarity with penetration testing and using findings to improve systems, not just generate reports.
Ability to explain risk clearly to engineers without jargon.
Comfortable owning and driving projects end-to-end as an Individual Contributor or with a team, leveraging a highly collaborative environment.

Benefits

📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cloud securityinfrastructure securitysecurity assessmentssecurity design reviewsthreat modelingPythonTerraformsecurity-as-codevulnerability managementpenetration testing

Soft Skills

mentoringcommunicationcollaborationproblem-solvingproject ownership

Certifications

PCI complianceSOC 1SOC 2