Staff Software Engineer, Cloud Security

Technical Requirements

Python, Go, Terraform, AWS, Docker, Kubernetes, HIPAA

Responsibilities:

  • Design, develop, and implement a comprehensive authorization framework for cloud resources, addressing user roles, resource-specific restrictions, task-based access, and granular engineering access.
  • Lead the technical implementation of Just-In-Time (JIT) access control systems for production environments (systems, secrets, data) to minimize standing privileges for engineering and platform teams.
  • Collaborate with engineering to integrate data classification with access control mechanisms, ensuring that data sensitivity directly informs access decisions.
  • Develop and maintain security automation scripts, tools, and services in Python or Go to streamline security operations, vulnerability management, compliance checks, and incident response.
  • Write clean, maintainable, and testable code for security automation, building custom security integrations, and developing security-focused tools.
  • Implement and champion Infrastructure as Code (IaC) principles, specifically using Terraform, for programmatic definition, enforcement, and auditing of security configurations.
  • Contribute to the design and implementation of centralized security controls, such as an engineering-owned Web Application Firewall (WAF), to manage rate limiting, IP blocking, input validation, and request filtering.
  • Partner with engineering teams to establish and implement secure practices for managing the development toolchain to mitigate supply chain risks.
  • Design and help implement a secure mechanism for webhook testing in local development environments, blocking unauthorized tunneling tools.
  • Define, implement, and enforce container security hardening standards in collaboration with engineering teams.
  • Drive the remediation of legacy cloud environments by inventorying, assessing, and improving security controls.
  • Design and implement solutions for granular data access control in cloud environments, particularly addressing compliance requirements for handling sensitive data.
  • Collaborate closely with infrastructure software, engineering, DevOps, and product teams to co-design and integrate robust, automated security controls into systems, architectures, and CI/CD pipelines.
  • Act as a subject matter expert on cloud security (AWS, GCP), providing guidance, code reviews, and technical expertise on secure cloud adoption and access control best practices.
  • Conduct security assessments, threat modeling, and contribute to incident response, developing automation for prevention and faster response.

Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 5+ years of experience in cloud security, with a strong emphasis on designing, developing, and implementing security solutions in AWS.
  • Proven hands-on software development experience, particularly in Python and Go, for security automation, building security tools, and infrastructure management.
  • Demonstrable experience designing and implementing robust authorization and access control frameworks (e.g., RBAC, ABAC, policy-as-code) and Just-In-Time (JIT) access solutions.
  • Experience with Infrastructure as Code (IaC) with deep proficiency in writing and maintaining Terraform modules for security.
  • Experience with containerization (Docker, Kubernetes/EKS), including hands-on experience hardening containerized environments.
  • Experience with SDLC security, CI/CD pipeline security integration, and secure software development practices.
  • Experience with security logging, monitoring, alerting tools (e.g., SIEM, AWS CloudTrail, CloudWatch, GuardDuty), and scripting against their APIs.
  • Experience with cloud security frameworks (especially HIPAA), regulations, and standards.
Included Health