Cloud Security Engineer - Remote Eligible

Cloud Security Engineer

Location: Offshore, India

Experience: 8-10 years

Role Overview

We are seeking a highly skilled Cloud Security Engineer to design, implement, and maintain robust security controls for AWS cloud environments. This role is critical in securing the migration of banking infrastructure from on-premises data centers to AWS, ensuring compliance with financial regulations, data protection standards, and industry best practices.

The candidate must have deep expertise in AWS security services, cloud security posture management, and data protection strategies within highly regulated environments such as banking or financial services.

Key Responsibilities

Cloud Security Architecture & Migration

• Implement and secure AWS architectures for migrating on-premises banking workloads.
• Perform threat modeling and risk assessments for migration strategies (rehost, replatform, refactor).
• Define secure landing zones using AWS best practices (multi-account strategy, segmentation).
• Ensure secure connectivity (VPN, Direct Connect) between on-prem and AWS environments.
• Collaborate with infrastructure and DevOps teams to embed security into migration pipelines.

AWS Cloud Security Controls

• Implement and manage AWS-native security services, including:
• Identity & Access Management (IAM) with least privilege access
• AWS Organizations and Service Control Policies (SCPs)
• AWS Key Management Service (KMS) for encryption
• AWS CloudTrail, CloudWatch, GuardDuty, Security Hub
• Establish strong access control mechanisms (RBAC/ABAC, MFA enforcement).
• Harden compute, storage, and network layers (EC2, S3, RDS, VPC).
• Experience in banking/financial services or other regulated industries.
• Strong understanding of:
• Data protection and privacy regulations
• Secure migration strategies and risks
• Ensure adherence to banking and financial regulatory requirements.
• Work closely with GRC teams to align cloud security with enterprise policies

Data Security & Protection

• Design and enforce data protection strategies for sensitive banking data:
• Encryption at rest and in transit
• Tokenization, masking, and anonymization
• Implement secure key lifecycle management and HSM integration if required.
• Define data classification and data loss prevention (DLP) controls.

Cloud Security Posture Management (CSPM)

• Implement and manage CSPM tools (e.g., AWS Security Hub, Prisma Cloud, Wiz, Orca).
• Continuously monitor for misconfigurations, vulnerabilities, and compliance gaps.
• Automate remediation using Infrastructure as Code (IaC) and security tooling.

Automation

• Integrate security into CI/CD pipelines (SAST, DAST, dependency scanning).
• Define guardrails using Infrastructure as Code (Terraform, CloudFormation).
• Automate security checks and policy enforcement (e.g., using AWS Config rules).
• Enable secure secrets management (AWS Secrets Manager, Parameter Store).

Required Skills & Experience

• Strong hands-on experience with AWS cloud security services.
• Deep understanding of:
• IAM, VPC security, encryption, network segmentation
• Cloud-native logging and monitoring
• Experience with CSPM and vulnerability management tools.
• Familiarity with hybrid cloud environments (on-prem + AWS).
• Proficiency in scripting (Python, Bash) and IaC (Terraform/CloudFormation).
• Strong analytical and problem-solving skills.
• Ability to work cross-functionally with infrastructure, DevOps, and compliance teams.
• Excellent communication skills for technical and non-technical stakeholders.

Preferred Qualifications

• AWS Certifications (e.g., AWS Certified Security – Specialty).
• Experience with zero trust architecture and micro-segmentation.
• Exposure to container and Kubernetes security (EKS).
• Knowledge of SIEM/SOAR platforms.