AWS Cloud Security Engineer (W2)

Job Title: AWS Cloud Security Engineer

Location: Remote Opportunity

Job Description:

Domain Expertise

• AWS Organizational Governance: Service Control Policies (SCP) design, multi-account patterns, delegated admin setups.
• Logging & Audit Foundations: Org CloudTrail, AWS Config aggregator, S3 log archive hardening, GuardDuty, Security Hub.
• CSPM / CNAPP Operations(Wiz.io): Onboarding accounts/resources, tuning posture policies, integrating with ticketing and log routing (e.g., Cribl/SIEM).
• Infrastructure as Code: Terraform modules, reusable patterns, policy-as-code integration, CI scanning.
• Vulnerability & Risk Prioritization: Combining CVSS, exploit context, asset criticality, and signal sources into severity logic.
• Automation & Scripting: Python (boto3), AWS CLI, shell tooling for validation, evidence export, reporting.
• Identity & Access: IAM least privilege, cross-account role assumptions, permission boundaries, automation roles.
• Observability / Data Routing (Plus): Cribl / Firehose / Kinesis or equivalent pipeline familiarity.
• Compliance Awareness: HIPAA safeguard themes (auditability, access control, data protection, etc).
• Metrics & Reporting: Designing & extracting KPIs (coverage %, MTTR, SLA compliance, control efficacy).

Technical Skills Skill Depth Needed Context

• Terraform Advanced CNAPP onboarding, scanning pipeline
• Python (boto3) Advanced Validation & evidence automation
• AWS Security Services Deep Guardrails + findings pipeline
• SCP / IAM Policy JSON Deep Precise preventive controls
• CNAPP tooling Advanced Wiz configuration
• AWS Config / Conformance Packs Advanced Framework rule deployment
• Event & Log Pipelines Intermediate Cribl
• CI/CD (GitHub Actions, Azure DevOps, or similar) Intermediate Shift-left scanning & gating