Requirements
- At least five years of hands-on experience designing AWS architectures and managing large-scale AWS workloads
- In-depth expertise in AWS networking, data protection, identity and access management, automation, and native security services
- Proven understanding of modern security approaches for AI and machine learning workloads on AWS, including SageMaker hardening, guardrails for generative AI via Bedrock, and data controls for model training and inference
- Solid grasp of identity and access management models such as role-based and attribute-based access control, federated identity, permission boundaries, service control policies, and resource control policies
- Proficiency with infrastructure-as-code tools like Terraform, CloudFormation, or AWS CDK, along with secure software development practices
- Hands-on experience using cloud infrastructure entitlement management (CIEM), cloud security posture management (CSPM), or cloud workload protection platforms (CWPP)
- Familiarity with DevSecOps methodologies and embedding security into continuous integration and continuous delivery pipelines
- Strong scripting abilities using languages such as Python, Bash, or PowerShell to automate security tasks
- Experience securing containerized environments, particularly Amazon EKS and other managed Kubernetes services, with knowledge of pod security, role-based access, network policies, and container hardening
Nice to Have
- Minimum of two years working within an internal IT or security team (non-consulting) to understand organizational ownership, operational constraints, and internal collaboration dynamics
- Working familiarity with the Cloud Security Alliance’s Cloud Control Matrix (CCM)
- Ability to perform threat modeling for cloud infrastructure, conduct risk assessments, and align security controls with standards such as NIST, CIS, and MITRE ATT&CK
Work Arrangement
Remote (Worldwide) — Anywhere in the U.S.)
