Cloud Security Engineer (W2 Role)
6+ Months Contract with Possibility of extension
Atlanta, GA (100% Remote)
Role Summary
Cloud engineering contractor supporting the Cox Communications Cloud Security organization through ongoing merger integration. The role supplements existing senior personnel by executing against defined backlogs across AWS security automation, log pipeline buildout, and platform operations. Expectation is hands-on delivery (Terraform, IAM, logging infrastructure, and runbook development), not strategic architecture leadership.
Responsibilities:
Manage and support AWS cloud infrastructure (IAM, VPC, S3, KMS, CloudTrail, Config, Organizations)
Develop and maintain Terraform modules for infrastructure automation
Build automation scripts using Python (boto3) for cloud operations
Support CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI)
Work on incident management, troubleshooting, and production support
Maintain logging and monitoring pipelines for cloud environments
Participate in escalation support and resolve critical production issues
Top 3-5 must-have or required skills:
AWS experience, OCI experience a plus
Automation focused: Python, Terraform, etc.
Bonus points for HashiCorp / CyberArk development experience
Required Experience (4–6 Years)
• Multi-cloud engineering: production AWS experience across IAM, S3, VPC, CloudTrail, Config, and Organizations/SCPs; familiarity with at least one additional provider (GCP preferred, OCI a plus).
• Infrastructure automation: Terraform module authoring and maintenance, working within established module standards and CI-validated workflows.
• Scripting: Python for automation, Lambda functions, and event-driven processing; comfortable with AWS SDK (boto3).
• CI/CD: pipeline experience with GitHub Actions, GitLab CI, Jenkins, or equivalent.
• Security fundamentals: least-privilege IAM design, SCP authoring, cross-account trust patterns, and KMS key management.
Preferred / Bonus Skills
• HashiCorp Vault: operational experience or pipeline integration (audit logs, AppRole, dynamic secrets)
• CyberArk: PAM/PSM administration or integration work
• AWS Bedrock or other GenAI service integration (IAM, knowledge bases, guardrails, invocation logging)
• Oracle Cloud Infrastructure (OCI): IAM, networking, hybrid connectivity to AWS
• Detection-as-code, EventBridge rule authoring, or SIEM/SOAR integration
Scope of Work
• Terraform Module Development: Build and maintain reusable modules for IAM roles, permission boundaries, cross-account trust, S3 baselines with Access Points, VPC endpoints, and KMS. Work within existing module repo and review workflows.
• SCP & IAM Guardrail Implementation: Execute against the SCP roadmap defined by Cloud Security: author, test in sandbox OUs, roll out, and document policies supporting merger-driven account expansion.
• Log Pipeline & AI Analysis Agent Support: Provision CloudTrail org trails, Config aggregators, and cross-account log replication via Terraform; build CloudWatch-to-Kinesis and EventBridge-to-SQS ingestion paths feeding the multi-agent Bedrock analysis pipeline; support Lambda-based categorization, batching, and enrichment; assist with Bedrock IAM, knowledge base S3/SSM wiring, and guardrail configuration.
• OCI Integration & Hybrid Connectivity: Support hybrid AWS-to-OCI work tied to Oracle EBS/ODS integration: IAM compartments, FastConnect/VCN validation, and identity federation with AWS IAM Identity Center.
• Platform Operations & Runbooks: Triage IAM, S3, networking, and cross-account access issues; build a library of operational runbooks aligned to internal documentation standards.