Cloud Security Manager

Company:

The Boeing Company is looking for a Cloud Security Manager to join the team in Seattle WA; North Charleston SC; Chicago IL; El Segundo CA; Mesa AZ; San Diego CA; Berkeley MO; Hazelwood MO.

The Cloud Security & Policy-as-Code Manager will lead the team that translates security and regulatory requirements into automated enforceable cloud and Kubernetes guardrails. You will own policy lifecycle admission control continuous compliance automation and security posture reporting across multi-cloud environments. This role combines people leadership cross-functional influence and handson technical work to build scalable auditable controls that enable rapid compliant delivery.

Position Responsibilities:

• Lead and grow the Policy-as-Code team responsible for security and compliance controls across Azure Amazon Web Services (AWS) and Google Cloud Platform (GCP)

• Define and operate a unified guardrail framework that enforces both security and compliance requirements (policy-as-code admission controllers Terraform guardrails)

• Own the policy lifecycle: authoring testing versioning staged rollout monitoring and deprecation of automated policies

• Build continuous compliance automation: evidence collection attestations audit reporting and remediation workflows that reduce manual audit effort

• Integrate policy enforcement into Continuous Integration (CI)/Continuous Delivery (CD) Infrastructure as Code (IaC) pipelines Developer Experience (DevEx) workflows and account provisioning operated by Foundations

• Establish operability criteria for policy enforcement (performance false-positive tolerance rollback procedures) and require operability signoff prior to production enforcement

• Drive cross-team collaboration with Cloud Foundations Platform Acceleration DevEx Runtime Site Reliability Engineer (SRE) Legal & Compliance and Enterprise Security to ensure policies are accurate testable and adoptable

• Respond to high-severity security or compliance incidents affecting the platform; lead technical remediation and convert findings into durable policy or platform changes

• Track and report security and compliance Key Performance Indicators (KPIs); use telemetry to prioritize policy coverage and reduce risk

• Contribute hands-on to critical policy implementations admission controller integrations or automation scripts as needed

BasicQualifications (Required Skills/Experience):

• 5 years of experience in cloud security platform security engineering and/or cloud engineering

• 5 years of experience implementing policy-as-code and admission control for cloud and Kubernetes (e.g. Azure Policy AWS Configuration GCP Organization Policy Open Policy Agent (OPA)/Gatekeeper Coverity)

• 3 years of experience in leadership and/or team lead capacity

• 3 years of experience with cloud provider security primitives and compliance controls across Azure AWS and GCP (identity encryption networking logging)

• 3 years of experience automating security and compliance controls in IaC and CI/CD pipelines (Terraform policy checks pre-commit scanning pipeline gates)

• Experience producing automated audit evidence and supporting compliance frameworks (National Institute of Standard Technology (NIST) Federal Risk and Authorization management Program (FedRAMP) Service Organization Control 2 (SOC2) or equivalent)

• Ability and willingness to perform hands-on technical work (policy modules admission controllers automation) alongside managerial duties

Preferred Qualifications (Desired Skills/Experience):

• Experience with excellent stakeholder management and communication skills

• Experience influencing architecture platform and development teams

• Experienced in feeding policy and telemetry into security event/correlation platforms and building automated incident response and orchestration workflows including tying policy signals to continuous-compliance tooling and automated drift remediation

• Experience coding or scripting proficiency (Go Python or similar)

• Experience authoring reusable IaC modules and test harnesses

• Experience with Kubernetes runtime security secrets management and pod security posture (Center for Internet Security (CIS) Pod Security Admission (PSA)/Pod Security Policy (PSP) alternatives)

• Experience in regulated industries and/or with enterprise audit processes

Conflict Of Interest:

Successful Candidates for this job must satisfy the Companys Conflict Of Interest (COI) assessment process.

Drug Free Workplace:

Boeingis a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana cocaine opioids amphetamines PCP and alcohol when criteria is met as outlined in our policies.

Pay & Benefits:

At Boeing we strive to deliver a Total Rewards package that will attract engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs generally including health insurance flexible spending accounts health savings accounts retirement savings plans life and disability insurance programs and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location date of hire and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications as well as market and business considerations.

Summary pay range: $161500 - $233450

Language Requirements:

Education:

Relocation:

Export Control Requirement:

Safety Sensitive:

Security Clearance:

Visa Sponsorship:

Contingent Upon Award Program

Shift:

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud - Recruitment Fraud Warning