Write, test, and maintain the exact rules (e.g., OPA/Rego) that evaluate developer Pull Requests to ensure they meet Mission-Critical data classification standards
Maintain and update the knowledge base and rule sets used by our AI-augmented GitOps agents, ensuring they are instantly aware of newly released internal security standards
Implement programmatic boundaries (e.g., Service Control Policies) to restrict unauthorized regions, mandate encryption, and enforce a strict "Private-by-Default" network posture
Ensure that all operational and audit telemetry is aggregated into centralized, tamper-proof storage, and monitor aggregated threat detection dashboards to resolve anomalies

Requirements

Bachelor's degree in Computer Science, Computer Engineering, Software Engineering or relevant work experience
4+ years of experience in cloud security, DevSecOps, or security automation engineering
Hands-on experience writing and deploying Policy-as-Code (e.g., Open Policy Agent, Rego, Sentinel)
Deep understanding of enterprise cloud security constructs, centralized policy enforcement, and KMS cryptography
Familiarity with translating rigorous compliance frameworks (e.g., NIST SP 800-53, FedRAMP, SOC2) into automated technical controls
Strong scripting skills (Python, bash) for developing automated security remediation lambda functions

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Policy-as-CodeOpen Policy AgentRegoSentinelcloud securityDevSecOpssecurity automation engineeringscriptingPythonbash