AWS Cloud Security Developer

Role: AWS Cloud Security Developer Location: REMOTE

Description:
The AWS Security Manager is responsible for ensuring the security, compliance and protection of our cloud-based infrastructure. The ideal candidate will have hands-on experience with AWS security services, cloud risk assessments, incident response and continuous security monitoring. This role partners with Cloud Engineering, DevOps and Application teams to maintain a secure and resilient cloud environment. The manager partners with Security, Cloud Engineering, DevOps, GRC, Audit and Application teams to embed security into all stages of the cloud lifecycle.

Responsibilities:
Lead and mentor a team of security engineers focused on AWS hardening, Terraform automation, CI/CD security and cloud monitoring and incident response
Establish enterprise-wide AWS security standards and policies
Oversee Identify and Access Management (IAM) strategy
Strong proficiency with Terraform, including writing reusable modules and automated deployments through CI/CD
Experience with AWS Lambda development and serverless architecture, with the ability to guide engineers, review code, enforce best practices and ensure secure scalable deployments
Manage deployment and configurations of AWS native security tools: AWS Security Hub, Guard Duty, Config and Config rules, KMS encryption keys, VPC Security (NACLs, subnets)
Strong understanding of IAM Roles/Policies and Identity Federation, Encryption, KMS, secrets management
Work with DevOps teams to implement security best practices into CI/CD pipelines and infrastructure as code
Enforce controls for logging, encryption, network segmentation, patching, vulnerability management
Drive security automation for drift detection, patching, vulnerability remediation and compliance reporting
Oversee detection and response to security events in AWS
Manage threat investigations, root cause analysis remediation plans
Build and maintain runbooks, tabletop exercises and escalation paths
Implement and improve AWS security controls, guardrails and baseline configurations
Continuously evaluate AWS environments for cost-effective security improvements
Conduct threat modeling, vulnerability analysis and remediation coordination
Maintain AWS risk register, security assessments and internal controls
Ensure readiness for audits, SA&A, NIST, FISMA and FedRAMP
Manage evidence gathering, control testing and gap remediation. Work with external auditors and internal stakeholders during audit cycles
Conduct regular configuration reviews, vulnerability scans and compliance checks
Approve and reject new AWS architecture from a security standpoint
Partner with DevOps, engineering, development teams. Train teams on secure cloud practices.
Report risks, KPIs and metrics to senior leadership
Participate in on-call rotations to support 24/7 production systems and respond to incidents as they arise

Required Qualifications:
6+ years of experience in cloud security or cybersecurity
Strong experience managing or leading teams
Python or Bash scripting for automation
Understanding of AWS security controls, specific to identity, logging and encryption
Expert knowledge of AWS IAM, AWS KMS & encryption, AWS security services, CloudTrail/CloudWatch
Advanced hands-on experience writing and reviewing Terraform modules
Experience writing and operating AWS Lambda functions
Perform IAM policy and permissions audits to enforce least privilege
Ability to read and interpret access logs, cloud account configurations and IAM policies
Experience building and securing large multi-account AWS environments
Must be able to obtain and maintain a Public Trust clearance

Preferred Qualifications:
Cloud certification (AWS Cloud Practitioner, Security Specialty)
Security compliance or audit certification
Experience with container security (EKS/ECS)