Cloud Security Engineer

Job Title: Cloud Security Engineer

Location: Onsite in Boise, ID or Phoenix, AZ

Duration: 6 months - contract to hire

Job Summary:

The Cloud Security Engineer is a technical leader responsible for designing, implementing, and continuously enhancing the security of our cloud infrastructure and SaaS ecosystem. This role collaborates with IT and business teams to embed security across cloud and SaaS deployments, proactively identifying risks, and driving strategic security improvements. The ideal candidate has deep knowledge of cloud and SaaS security, strong security engineering expertise, and leadership capabilities for complex cross-domain projects.

Typical Duties and Responsibilities

Cloud Security

• Lead the security design and implementation of cloud architectures (AWS, Azure, and/or Google Cloud Platform)
• Develop and maintain cloud security strategies, standards, and reference architectures
• Review and approve cloud deployment designs to ensure compliance with security best practices
• Evaluate and recommend emerging cloud security technologies and improvements
• Implement and manage Cloud Security Posture Management (CSPM), and other cloud security solutions, to monitor cloud configurations and prevent/detect malicious behavior.
• Align controls with applicable compliance frameworks (CIS, NIST, SOC 2, ISO 27001, etc.)

SaaS Security

• Define and maintain SaaS security standards and reference architectures, integrated with overall security posture
• Implement and manage SaaS Security Posture Management (SSPM) solution to continuously monitor and enforce secure configurations
• Ensure strong identity and access management (IAM) for SaaS — enforce SSO, MFA, provisioning and deprovisioning workflows
• Provide standards and guidelines for securing SaaS integrations and third-party connections.

Secure Configuration, Governance and Compliance

• Lead cloud and SaaS security assessments, configuration audits, and remediation planning when misconfigurations or drift are detected
• Monitor cloud infrastructure and SaaS platforms for suspicious activity, risky configuration changes, unauthorized access, and abnormal user behavior
• Develop and maintain cloud and SaaS detections, alerts, and incident response workflows
• Perform investigations of cloud and SaaS related threats or incidents; conduct root-cause analysis and implement preventative measures to prevent recurrence
• Identify, evaluate, and prioritize risks across cloud and SaaS environments — covering vulnerabilities, misconfigurations, and penetration test or audit findings.
• Collaborate with business and IT stakeholders to define mitigation strategies and risk treatment plans
• Perform other duties as assigned or needed.

Required Education/Experience/Skills

• Bachelors in a technology related discipline or demonstrated equivalent experience.
• At least 6 years Cloud Security, Cyber Security or Cloud Engineering experience.
• Applying knowledge of a variety of information security tools and concepts.
• Design and Engineering of Endpoint Security, Identity Management, or other security related concepts.
• Applying proficiency in 2 or more of the following (or similar): Cloud/SaaS Security, SIEM, EDR, Web Security, Firewall, Email Security, NDR, Password Management, Privileged Access Management, PCI Compliance, Identity Management, GRC, Vulnerability Management, Single Sign On, MFA, BCP, DR.
• Exhibiting strong analytical and problem-solving skills with keen attention to detail.
• Be on-call to trouble-shoot emergencies and respond to security incidents.
• Implementing and managing security tools or best practices for server, endpoint, cloud, network or other systems.
• Displaying thought leadership to solve for complex security problems.

Preferred Qualifications

• Retail experience
• Cloud security certifications
• Vendor certifications in cloud or SaaS security solutions
• Security+
• CISSP