Security & Policy Engineer

Security & Policy Engineer

Location: Scottsdale, AZ (Onsite)

Contract 2 Hire

Summary:

Join our security engineering team to design and enforce policy-driven cloud security frameworks. This role ensures FinTech-grade controls, Zero Trust, and compliance automation across our AWS environments.

Key Responsibilities:

• Define and manage IAM roles/policies, Security Groups, and NACLs
• Implement OPA (Open Policy Agent) and Policy-as-Code for multi-cloud/Kubernetes governance
• Automate compliance enforcement for PCI-DSS, SOC 2, ISO 27001, and internal audits
• Contribute to Zero Trust Architecture, micro-segmentation, and privileged access governance
• Collaborate with DevOps and Platform teams to embed security in pipelines (DevSecOps)
• Monitor and respond to alerts from GuardDuty, Config, CloudTrail, and external SIEMs

Required Skills:

• Strong expertise in AWS IAM, cross-account access, Secrets Manager, and Identity Federation
• Hands-on experience with OPA, Rego, and tools like Gatekeeper/Kyverno
• Knowledge of encryption mechanisms (KMS, CMK), secure key rotation, and access audits
• Experience in continuous compliance checks, audit readiness, and GRC platforms
• Background in incident response, threat modeling, and cloud-native security tools
• Experience protecting PII, financial transaction data, and meeting security SLAs
• Understanding of token-based access, SSO integration, and access boundary controls
• Advanced degrees and certifications such as CISSP, AWS Certified Security Specialty, or similar are a plus