Department: Information Security
Reports to: Senior Director Information Security
Role Summary
You will be a hands-on cloud security engineer who builds, automates, and scales controls across AWS and Azure environments. You'll design paved-road patterns for secure infrastructure, codify guardrails as policy-as-code, and partner with platform and application teams to make secure deployment the default.
Success in this role means building trust in the cloud through automation, ensuring every workload is observable, compliant, and resilient without slowing innovation.
What You'll Do (Core Responsibilities)
Architect and Automate Secure Cloud Foundations
- Design and maintain secure-by-default landing zones and paved road templates for AWS and Azure (network segmentation, IAM baselines, encryption, logging, monitoring, backup, and key management).
- Build infrastructure-as-code (IaC) modules with embedded controls (Terraform, ARM/Bicep, CloudFormation) and enforce them through CI/CD policy gates.
- Implement and manage CSPM/CWPP controls using tools such as Wiz, Prisma Cloud, or Defender for Cloud to continuously assess misconfigurations, exposure, and drift.
- Develop policy-as-code automation with tools like Open Policy Agent (OPA), Conftest, or Terraform Sentinel to enforce enterprise standards during build and deploy.
Secure Access, Identity, and Network Boundaries
- Engineer and maintain least-privilege IAM and federated access patterns across AWS IAM, Azure AD, and hybrid workloads.
- Implement zero-trust network and private connectivity architectures using Private Link, VPC Peering, Transit Gateways, and Azure Virtual WAN.
- Integrate secrets and key management (AWS KMS, Azure Key Vault) into developer workflows and CI/CD pipelines.
- Establish consistent patterns for cross-account role assumption, conditional access, and machine identity lifecycle management.
Defend and Detect in Cloud Environments
- Build and tune cloud-native detections for suspicious activity (CloudTrail, GuardDuty, Security Hub, Azure Defender, and Sentinel analytics).
- Create threat detection-as-code pipelines to codify detections, alert thresholds, and response actions.
- Partner with SOC and IR teams to provide enriched telemetry, context, and runbooks for cloud-specific threats (e.g., key misuse, persistence techniques, data exfiltration).
- Implement data protection controls for object and block storage (encryption at rest and in transit, DLP policies, cross-region replication hardening).
Enablement and Governance
- Translate complex cloud security risks into actionable engineering guidance; contribute to secure coding and IaC standards.
- Act as a trusted advisor to platform, DevOps, and engineering teams during architecture and design reviews.
- Drive adoption of continuous compliance frameworks (NIST 800-53, CIS, ISO 27001, SOC 2) using automation and evidence collection.
- Publish dashboards and metrics for coverage, control health, and SLA performance.
Vulnerability and Risk Management
- Integrate container and image scanning into CI/CD and runtime (ECR, ACR, GitHub, or Harness pipelines).
- Own triage for cloud misconfiguration findings and ensure risk-based prioritization using exposure, exploitability, and asset criticality.
- Escalate KEV or autowormable vulnerabilities as emergency response; coordinate patching or compensating controls.
Minimum Qualifications
- 5 years of hands-on experience in Cloud Security Engineering across both AWS and Azure enterprise environments.
- Strong proficiency in at least one infrastructure-as-code language (Terraform, Bicep, CloudFormation) and familiarity with Git-based workflows.
- Deep knowledge of identity and access management, network security, and encryption key management in multi-cloud architectures.
- Proficiency in cloud-native security tooling (AWS Security Hub, GuardDuty, Macie, Azure Defender, Sentinel) and third-party platforms (Wiz, Prisma Cloud, or Orca).
- Experience embedding controls into CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins, GitLab, Harness).
- Scripting skills (Python, PowerShell, or Bash) to automate control checks, evidence collection, and integrations.
- Practical understanding of container security (EKS, AKS), serverless security, and cloud networking.
Preferred Qualifications
- Familiarity with NIST SSDF, CIS Benchmarks, MITRE ATT&CK for Cloud, and SLSA frameworks.
- Experience implementing cross-cloud governance frameworks (AWS Control Tower, Azure Landing Zones, or enterprise multi-account architecture).
- Understanding of incident response in cloud environments: containment, forensics, and recovery in distributed systems.
- Relevant certifications (e.g., AWS Certified Security Specialty, Azure Security Engineer Associate, GCSA, GCFA, or CCSP).
Behavioral Competencies
- Enablement first: you empower engineering teams through reusable patterns, not policy bottlenecks.
- Automation mindset: you treat security controls as code, versioned, tested, and continuously improved.
- Curiosity and collaboration: you thrive in complex, fast-moving environments and build trust across functions.
- Clear communicator: you translate risk into engineering work and business impact.
Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.
Why Join Us:
At Acrisure, we're building more than a business; we're building a community where people can grow, thrive, and make an impact. Our benefits are designed to support every dimension of your life, from your health and finances to your family and future.
Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children's Hospital in Grand Rapids, Michigan; UPMC Children's Hospital in Pittsburgh, Pennsylvania; and Blythedale Children's Hospital in Valhalla, New York.
Employee Benefits
We also offer our employees a comprehensive suite of benefits and perks including:
Physical Wellness: Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.
and so much more!
This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.
Acrisure is an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, religion, sex, national origin, disability, or protected veteran status. Applicants may request reasonable accommodation by contacting .
California Residents: Learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy.
Recruitment Fraud: Please visit here to learn more about our Recruitment Fraud Notice.
Welcome, your new opportunity awaits you.