Senior Cloud Security Engineer (L2)

The Sr. Cloud Security Engineer plays a key role in securing the organizations multi-cloud environment by enhancing visibility compliance and threat detection through Cloud Security Posture Management (CSPM) and workload protection tools. This role supports the onboarding and optimization of CSPM solutions helping to identify and remediate security risks while ensuring alignment with best practices.

Working closely with the Global Information and Cyber Security Defense (ICSD)team the engineer will manage and maintain cloud security platforms triage and fine-tune alerts and support incident response efforts. The ideal candidate combines strong analytical skills with hands-on cloud experience to enable secure and scalable cloud adoption across the organization.

In addition the individual will contribute to the broader Security Engineering team supporting the development and maintenance of the organizations security infrastructure. The ideal candidate combines a deep understanding of cybersecurity operations with a strong background in Cloud Security to build scalable resilient and secure systems.

Roles and Responsibilities:

• Serve as the subject matter expert for WTWs CSPM and CWPP tools managing daily operations integrations and ongoing optimization.
• Administer maintain fine-tune and automate threat and vulnerability management in the cloud using the CSPM solution
• Continuously refining detection rules and operational alerts within WTWs broader cloud security platforms to improve signal-to-noise ratio and enhance incident response effectiveness
• Implement and manage Cloud Security Tools.
• Leverage CSPM insights to identify emerging threats and misconfigurations in cloud environments (AWS Azure GCP).
• Work with internal Security DevOps and Engineering teams to ensure compliance and remediation of cloud security findings.
• Conduct cloud security risk assessments and drive remediation based on findings.
• Develop dashboards and reports using Cloud tools to measure cloud security posture effectiveness and trends.
• Maintain and enhance security monitoring logging and incident response capabilities for cloud environments (AWS Azure GCP)
• Support the administration and management of security tools within the Security Engineering team.
• Create technical documentation and deliver enablement sessions to enhance security awareness and practices within engineering teams.

Required Qualifications:

• 5 years of experience in Information Security Cloud Security or Security Engineering.
• Strong understanding of Azure configuration for securing resources and knowledge of compliance standards such as CIS NIST and ISO.
• Proficiency in CSPM tools such as Microsoft Defender for Cloud Wiz Orca Check Point Cloud Guard or similar.
• Strong understanding of cloud security frameworks and standards (CIS NIST CSA MITRE ATT&CK).
• Experience with cloud-native security controls including IAM KMS VPC security encryption logging and monitoring.
• Experience with SIEM/analytics tools (e.g. Microsoft Sentinel Splunk) particularly in the context of policy configuration fine-tuning and SOAR platforms.
• Functional knowledge of PowerShell Azure Automation Kusto Query Language (KQL) and terraform.
• Deep understanding of CI/CD pipelines and integrating security into DevOps workflows.
• Proven ability to deploy configure and maintain CSPM and CWPP tools in production environments.

Other Knowledge Skills and Abilities

• Strong communication and collaboration skills with proven experience working in cross-functional global teams.
• Strong problem-solving and critical thinking skills for addressing security issues and finding effective solutions.
• Outstanding written and verbal communication skills.
• Ability to work both independently and collaboratively in a fast-paced environment.
• Strong communication skills with the ability to explain security concepts to non-technical stakeholders.

Certifications (Preferred):

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Security Compliance and Identity Fundamentals (SC-900)
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• CompTIA Security / CySA/ CASP
• Any other relevant cloud security certifications

Compensation and Benefits

Base salary range and benefits information for this position are being included in accordance with requirements of various state/local pay transparency legislation. Please note that base salaries may vary for different individuals in the same role based on several factors including but not limited to location of the role individual competencies education/professional certifications qualifications/experience performance in the role and potential for revenue generation.

Compensation

The base salary compensation range being offered for this role is $100000-$120000 USD per year.

This role is also eligible for an annual short-term incentive bonus.

Company Benefits

WTW provides a competitive benefit package which includes the following (eligibility requirements apply):

• Health and Welfare Benefits:Medical (including prescription coverage) Dental Vision Health Savings Account Commuter Account Health Care and Dependent Care Flexible Spending Accounts Group Accident Group Critical Illness Life Insurance AD&D Group Legal Identify Theft Protection Wellbeing Program and Work/Life Resources (including Employee Assistance Program)
• Leave Benefits:Paid Holidays Annual Paid Time Off (includes paid state/local paid leave where required) Short-Term Disability Long-Term Disability Other Leaves (e.g. Bereavement FMLA ADA Jury Duty Military Leave and Parental and Adoption Leave)Paid Time Off
• Retirement Benefits:Contributory Pension Plan and Savings Plan (401k). All Level 38 and more senior roles may also be eligible for non-qualified Deferred Compensation and Deferred Savings Plans.

Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles County Fair Chance Ordinance for Employers we will consider for employment qualified applicants with arrest and conviction records.

Note that visa employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.

This position will remain posted for a minimum of three business days from the date posted or until sufficient/appropriate candidate slate has been identified.

EOE including disability/vets