Staff AWS Cloud Security Engineer
Zoox
Zoox Cybersecurity is seeking an AWS Cloud Security Engineer to lead the design and implementation of secure, scalable, and software-defined infrastructure in our AWS cloud environment. This role is responsible for establishing best-in-class security practices across AWS, driving automation-first infrastructure security, and partnering with engineering and platform teams to embed security into every layer of our technology stack. You’ll act as a security champion, ensuring that infrastructure designs meet the highest standards of confidentiality, integrity, and availability, while maintaining operational efficiency and scalability through Infrastructure as Code (IaC). This role requires a strategic thinker with deep technical expertise in cloud security architecture, network security principles, and cloud-native vulnerability management.
The ideal candidate will blend hands-on technical skills with leadership capabilities to guide both security initiatives and team development.
In This Role, You Will...
Cloud Security Engineering and Architecture
- Design and implement enterprise-grade AWS security architectures using zero-trust principles
- Develop organization-wide security standards for IAM, VPC configurations, and data protection mechanisms
- Architect multi-account AWS environments with Security Hub, GuardDuty, and AWS Config integrations
- Lead Cloud Security Posture Management (CSPM) initiatives using Infrastructure-as-Code (Terraform/CloudFormation)
- Design and support secure network architectures using AWS constructs (TGW, GWLB, Firewalls)
- Implement layered defenses with WAF, Firewalls, Security Groups, and Network ACLs
- Optimize security controls for hybrid cloud environments and SD-WAN integrations
Cloud Vulnerability Management
- Establish risk-based vulnerability prioritization frameworks for cloud assets
- Develop automated remediation pipelines using CI/CD tools and OPA policies
- Conduct attack surface analysis through cloud-specific threat modeling
Leadership Expectations
- Mentor a team of 2 or more Cloud Security Analysts
- Lead cross-functional collaboration with SRE, ProdSec, IT, and Software Engineering teams
- Develop security training programs and cloud security certification paths
- Oversee vendor relationships for cloud security tooling and services
- Proven experience developing security analysts through mentorship
- Strong background in creating security policy frameworks and technical documentation
Qualifications
- 10+ years of Security Engineering experience supporting production and/or DevOps environments, both Cloud and On-premises, along with proficiency with security automation using Python/Go and/or Terraform
- Experience implementing, administering, and supporting Cloud platform system/network vulnerability scanning tool(s), and development of microservice-based architectures
- Deep understanding of NIST CSF, MITRE ATT&CK Cloud Matrix, and CIS AWS Benchmarks
- Strong understanding of vulnerability scoring frameworks and business risk decision making
- Experience with: hybrid enterprise environments (cloud plus on-premises data centers); DevOps tools, artifact repositories, and Infra-as-code technology; dashboard technologies.
- Expert-level AWS security implementation experience
Bonus Qualifications
- AWS Certifications / AWS Certified Security - Specialty
- XSOAR (preferably Palo Alto Networks) and general automation development experience
- Experience with shell scripting, API usage and integration in Linux and Windows
- Palo Alto Networks Certified Security Engineer
219000 - 263000 USD a year