Cloud Security Engineer at workwave

<div> <p>We are seeking a proactive, hands-on <strong>Cloud Security Engineer</strong> to serve as the primary security partner for our Engineering and DevOps teams. In this role, you will be the "North Star" for secure cloud configuration, moving beyond simple alert triaging to building sustainable security foundations. You will bridge the gap between high-level security architecture and daily engineering execution, ensuring our AWS&nbsp; and Azure environments are&nbsp; resilient, compliant, and automated.</p> </div> WHAT YOU'LL DO: • Cloud Governance & Guardrails: Lead the deployment and optimization of AWS Control Tower, Security Hub, and AWS WAF to establish a secure multi-account strategy. • Cloud Security Platform Ownership: Own cloud security outcomes across AWS (primary), Azure (secondary), and limited GCP, including secure landing zone standards, guardrails-as-code, detection coverage, and remediation automation. • Secure-by-Default Engineering: Design and implement reusable, secure-by-default cloud patterns that allow engineering teams to deploy safely without constant security intervention. Establish hardened Terraform modules, reference architectures, and baseline configurations so the secure path becomes the easiest path for teams building in AWS. • Container Security: Collaborate with the AppSec Architect to secure EKS and ECS environments, focusing on runtime protection, image scanning, and least-privilege orchestration. • Security Assessment & Roadmap: Perform a comprehensive baseline assessment of the current cloud environment to identify gaps and provide actionable, prioritized recommendations. • Identity & Access Management: Lead design and enforcement of least-privilege IAM architecture across AWS accounts and workloads. • Operational Excellence: Develop and maintain secure configuration standards, documentation, and operational procedures that enable engineering teams to consistently deploy and operate cloud services securely. • Detection & Telemetry Ownership: Partner with security operations to ensure security telemetry from AWS environments is complete, centralized, and actionable (CloudTrail, GuardDuty, VPC Flow logs, etc.) • Cloud Security & Compliance Alignment: Ensure cloud configurations and controls align with internal security standards and external compliance requirements (ISO 27001, SOC 2, etc.). Partner with Security and GRC teams to implement audit-ready controls, automate evidence collection where possible, and maintain clear documentation of cloud security control coverage. • Third-Party Integration: Manage secure access and configuration for security vendor tools (vulnerability scanners, assessment platforms, etc.) within the cloud environment. • Incident Response: Participate in an on-call rotation for one week at a time and serve as primary SME for cloud security incidents (IAM compromise, exposed keys, misconfigurations, etc.). • Vulnerability & Exposure Management: Build and run the cloud vulnerability management program for AWS and Azure workloads, container images, and base AMIs. Define severity-based SLAs, implement scalable scanning and patch workflows (e.g., AWS Inspector, ECR scanning, hardened base images), and partner with Engineering to reduce exploitable exposure. • Cloud Security Tooling Ownership: Own onboarding, coverage validation, and tuning of CSPM and MDR integrations across AWS, Azure and GCP. Drive measurable improvement in signal quality, alert fidelity, and remediation workflows through automation and engineering partnerships. • Secrets, Keys, and Credential Hygiene: Design and enforce secure secrets management patterns (AWS Secrets Manager/Parameter Store/Vault), automated rotation, and least-privilege secret access. Own KMS key strategy and governance (key policies, grants, rotation, separation of duties) and ensure no long-lived credentials in CI/CD. • CI/CD and Supply Chain Security: Secure the software delivery pipeline end-to-end, including identity federation for CI/CD, policy-as-code enforcement for Terraform and Kubernetes, artifact integrity controls (signing/provenance), and secure dependency/source controls. Ensure security guardrails are automated and developer-friendly. • Cloud Incident Readiness & Exercises: Build cloud-native incident playbooks (IAM compromise, crypto-mining, data exposure, suspicious network activity) and run periodic tabletop exercises. Ensure forensics readiness through log retention standards, immutable/auditable logging where appropriate, snapshot/containment procedures, and break-glass access controls. • Multi-Cloud & Hybrid Baselines: Establish minimum viable security baselines for Azure and GCP (identity, logging, storage, network, key management) and ensure telemetry parity into centralized detection. Partner with operation teams to secure hybrid connectivity with data center environments (segmentation, identity boundaries, secure administrative access). • Security Metrics & Continuous Improvement: Define and report on key cloud security metrics (coverage, misconfiguration trends, MTTR, control adoption, vulnerability SLAs). Use metrics to prioritize work, demonstrate risk reduction, and drive engineering alignment. • Leadership and Execution: Mentor other engineers and raise baseline security literacy in platform/DevOps teams through patterns, reviews, and internal enablement. WHAT YOU'LL BRING: • 5–8+ years of experience in Information Security, with at least 3+ years focused specifically on AWS Cloud Security. • AWS Deep Dive: Deep hands-on experience designing and securing AWS environments, core services (IAM, VPC, S3, KMS) and security-specific services (GuardDuty, Inspector, Config). • IaC Proficiency: Strong hands-on experience with Terraform for managing cloud infrastructure. • Containerization: Proven experience securing containerized workloads in EKS or ECS. • Azure Knowledge: Willingness to provide basic security support/maintenance for an existing Azure environment (Deep expertise not required; AWS is the priority). • Consultative Mindset: Ability to assess a complex environment and provide a "roadmap to green" rather than just identifying problems. • Collaborative Partnership: Ability to work side-by-side with engineers, speaking their language and helping them solve problems rather than just "blocking" tickets. • Strategic Documentation: Capability to translate technical configurations into clear, repeatable processes and procedures. • Automation First: A drive to automate manual security tasks to increase efficiency and reduce human error. • Education/Certifications: Bachelor’s degree in Computer Science, Information Security, or a related field or equivalent work experience. • Industry certifications such as Azure security certification, AWS Certified Security – Specialty or related are highly desirable. WHAT YOU SHOULD KNOW ABOUT US: • We are laid back but buttoned up. We offer a casual work environment and remote work flexibility and have a passion for developing creative, innovative best in class solutions that directly contribute to the success of our customers • We care deeply and deliver service and solutions that make a real difference in the lives of our clients and their businesses • We openly accept others as they are and build strong partnerships based on trust • Teamwork and collaboration is key to help our colleagues and customers solve their challenges • Our team is energetic, fun, naturally inquisitive and eager to make an impact, we invite you to join us! LOVE WHAT YOU DO, NO MATTER WHERE YOU DO IT: • Join our Remote-First Global Work Community: WorkWave provides an innovative and dynamic remote-first Global Work Community that encourages growth, creativity, and collaboration. No matter what stage of your career or where you live, WorkWave is your place to be part of a global company with a startup feel, where your ideas matter and your growth is a priority. A GLOBAL COMPANY WITH A LOCAL PRESENCE: • We know that there are benefits of being in the office and working from home. WorkWave promotes a healthy work/life balance and provides employees with the flexibility of collaborating in the office or the option to work virtually if desired. Our teams are well versed at working collaboratively in a fully virtual environment. • Our HQ is based at our state of the art home office in the historic Bell Works complex located in Holmdel Township, New Jersey. We keep our offices available to all to use when working remotely isn’t feasible, or to help with cross training, team building and/or brainstorming. • We have employees in over 30 states, 7 countries and many regional offices - each with their own set of perks and opportunities to give back to the local community. • Whether you work remotely or take advantage of one of our offices, you’ll find a community of WorkWavers that value diversity, and care deeply about our products, clients, our communities and each other. RELAX, WE'VE GOT YOU COVERED: • Employees can expect a robust benefits package, including health and dental and 401k with company match AND BEYOND... • Find your perfect work/life balance with our Flexible Time Off policy or generous PTO plan (role dependent) and paid holidays • Up to 4 weeks paid bonding leave • Tuition reimbursement • Robust Employee Assistance Program through TotalCare offering free counseling 24/7/365, plus financial counseling, legal guidance, adoption assistance services and much more! • 24/7 access to virtual medical care with Teladoc • Quarterly awards based on peer nominations • Regional discounts and perks • Opportunities to participate in charitable events and give back to the community GROW WITH US: • We understand the impact of attracting and keeping top talent and reward intellectual curiosity and a thirst for personal and professional growth • Encouraging our employees that already have an intimate knowledge of and passion for our products to apply for other roles within our walls just makes sense! • Our employees have access to extensive video libraries for soft skill and role specific training available 24/7 and live trainings are provided throughout the year JOIN OUR WINNING TEAM! • 10 Time winner of Best Place to Work in New Jersey by NJBiz! • WorkWave has been recognized with multiple awards for its outstanding products, growth and culture, including the Inc. 5000, SaaS Award, IT World Awards, Globe Awards, Silver Stevie Award for Employer of the Year, and Best Place to Work Inc. Magazine • Named one of The Software Report's 3rd annual list of the Top 100 Software Companies of 2022 (worldwide!) We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, age, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status: Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At WorkWave, we are dedicated to building a diverse, inclusive and authentic workplace, so if you feel like you could make a great impact in this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may just be the right candidate for this or other roles!