Senior Cloud Security Engineer

Metasys Technologies, Inc.

GA

Apply

JOB DETAILS

JOB TYPE

Full-time

SKILLS

AWS Lambda, Amazon Web Services (AWS), Automation, Broadband, Career Development, Cloud Architecture, Cloud Computing, Communication Skills, Computer Security, Consulting, Cryptography, Customer Relations, DevOps, Documentation, English Language, Environmental Regulations, FIPS (Federal Information Processing Standards) 140, GCP (Good Clinical Practices), GitHub, Identity Federation, Link Performance, Machine Tool, Mentoring, Microsoft Windows Azure, Multiplatform/Cross-Platform, Onboarding, Performance Reviews, Policy Development, Presentation/Verbal Skills, Protocol Independent Multicast (PIM), Python Programming/Scripting Language, Security Architecture, Security Assertion Markup Language (SAML), Security Information and Event Management (SIEM), Security Infrastructure, Software Engineering, Software Patches, Technical Leadership, Time Management, U.S. National Institute of Standards and Technology (NIST), United States Citizen, Writing Skills

LOCATION

POSTED

14 days ago

Senior Cloud Security Engineer Perm Role Remote Role Client is seeking a Senior Cloud Security Engineer who is a builder at heart with deep expertise in at least one cloud provider (Azure strongly preferred), and working knowledge of others. In this role, you wont just "assess" or "advise, you will engineer and deploy security infrastructure across major cloud platforms. You will be responsible for building hardened landing zones, automating IAM lifecycles, and writing the Terraform modules that define our clients' security posture. This is not a GRC, audit, or advisory role. Candidates must have direct, hands-on experience building and remediating cloud environments using Terraform, in addition to native cloud tooling. This is a high-impact engineering role for someone who prefers a terminal to a spreadsheet and believes that security is best delivered through code and control, not just compliance checklists. What You'll Do Engineer Security via IaC: Design and maintain reusable Terraform modules for IAM, networking, and logging. Implement security controls directly via Terraform and CloudFormation to ensure consistent, drift-resistant environments. Hands-on experience required (must have built reusable modules). Build Cloud Architecture: Deploy and manage AWS multi-account structures (Organizations, SCPs, Landing Zones) and Azure Hub-Spoke/Landing Zone architectures. Own Identity & Access: Implement least-privilege IAM using RBAC/ABAC, cross-account trust relationships, and permission boundaries. Automate identity lifecycles (JIT/PIM) and federate identities via Okta or Entra ID (SAML/OIDC). Direct Remediation: Dont just identify misconfigurations - fix them. Own the remediation of vulnerabilities through engineering changes, patch automation, and configuration drift correction. Automate Security Ops: Develop automated remediation workflows using Lambda, Azure Functions, and Python scripts. Integrate SAST/DAST and secret scanning directly into GitHub Actions or Azure DevOps pipelines. Configure Native Security Stacks: Hands-on implementation and tuning of AWS GuardDuty, Security Hub, and Config, as well as Azure Sentinel and Defender for Cloud. Build cloud-native logging pipelines for SIEM ingestion. Network & Encryption Engineering: Design VPCs, security groups, and network segmentation. Implement WAFs (AWS WAF, Azure Front Door) and manage full-lifecycle encryption using KMS and Key Vault. Technical Compliance Implementation: Hands-on implementation of NIST 800-53 controls in cloud environments, including logging, IAM, encryption, and boundary design. Experience supporting FedRAMP or CMMC environments preferred Client facing: You will interface directly with clients, lead technical discussions, and take ownership of cloud security tasks and overall outcomes. Will own multiple clients engagements, balancing effective time management with expeditious communication. Who You Are The Builder Mindset: You have a track record of building and deploying security infrastructure. You are comfortable writing OPA policies (Policy-as-Code) and managing secrets in Vault or AWS Secrets Manager. Cloud Native: You are an expert in the technical nuances of AWS, GCP, or Azure. You understand the difference between a "compliance map" and a "technical control". You have direct experience remediating cloud security issues. IaC Expert : Proficiency in Terraform is mandatory. You should be able to discuss module versioning, state management, and provider-specific security nuances. Identity Specialist : You have a deep understanding of SAML/OIDC, cross-account IAM roles, and how to enforce least privilege without breaking developer workflows. Communication : Strong verbal presence. You can lead technical workshops and explain complex architecture to engineering teams with confidence and clarity. Solution-minded and multi-focused: You thrive in fast-paced environments with multiple clients and competing priorities. You can quickly assess unfamiliar environments and execute remediation without perfect documentation. Nice to Have Relevant technical certifications: AWS Certified Security Specialty, GCP Professional Security Engineer, or Azure Security Engineer Associate. Experience with FIPS 140 encryption implementation. Experience with CMMC enclave builds or FedRAMP security architecture implementation . Experience with containerization runtime security controls. What We Offer Career Development: Clear path with mentorship and training opportunities Technical Training: Comprehensive onboarding on security and compliance frameworks Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities. Growth Opportunity: Early-stage company with significant room for career advancement. Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team. Work Environment Requirements Reliable high-speed internet connection. Quiet, professional home office setup. Must be amenable to working US Eastern Time zone hours. Fluency in written and verbal English communication skills. U.S. Citizenship & Residency: Must be a U.S. Citizen and currently based in the United States. (No exceptions or sponsorship available). Requirement: Big 4/big consulting experience - seeking 3 to 10 years with a big consulting firm & early career Candidates need to be fine with a fast-paced high growth environment. Metasys Technologies is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identify, national origin, veteran or disability status.

About the Company

Metasys Technologies, Inc.

With over 15 years of experience, Metasys Technologies (MTI) provides consultants with rewarding career opportunities in a multitude of organizations.

Rated by The Atlanta Business Chronicle as one of the best places to work, MTI provides our consultants with opportunities for growth and recognition. MTI has a nationwide network of clients including Fortune 50 companies and numerous medium to small sized businesses.

We offer opportunities in I.T. Professional Services, Finance & Accounting, and Business Professional Services.

Our tools and consultant care program help you with the interview process and provide you with continuous guidance and insight.

If you are a candidate looking for career growth or change, we can help you find a career that matches your aspirations.

COMPANY SIZE

100 to 499 employees

INDUSTRY

Computer/IT Services

FOUNDED

2000

WEBSITE

http://metasysinc.com/