This is a Cyber Security Engineering position at VP level, part of the job family responsible for providing specialist cyber expertise and creating solutions that protect the organization's systems and networks against actual and potential security threats and vulnerabilities.
Lead the design and implementation of deploy-time security controls for cloud services across Azure, AWS, and GCP, using OPA (Rego) and Regula.
Translate firm-wide configuration baseline requirements into enforceable policy-as-code controls integrated directly into Terraform workflows and CI/CD pipelines.
Own end-to-end control implementation lifecycle: requirement interpretation, policy authoring, testing, optimization, and deployment within engineering pipelines.
Establish and maintain reusable policy libraries and modules to ensure consistency and scalability of controls across services and environments.
Provide deep technical expertise in Terraform, infrastructure-as-code patterns, and pipeline orchestration, ensuring secure and efficient deployments.
Define and implement testing strategies for policy validation, including unit and integration testing.
Identify gaps where requirements cannot be enforced at deploy-time and propose compensating controls or alternative enforcement points.
Contribute to the evolution of a unified control framework, enabling consistent control logic across deploy-time and runtime evaluation points.
Contribute to cloud security strategy and standards.
Lead and develop a team of engineers responsible for deploy-time control implementation, setting technical direction and ensuring high-quality delivery.
Provide hands-on mentorship and coaching in OPA/Rego, Regula, Terraform, and secure pipeline design.
Manage performance, provide actionable feedback, and support career development for team members.
Foster a high-accountability, low-friction operating model, reducing handoffs and accelerating baseline delivery.
7+ years of hands-on experience in cloud security engineering, with a strong focus on infrastructure-as-code and deployment pipelines.
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.
Proven experience designing and implementing policy-as-code controls using OPA (Rego) and/or Regula in production environments.
Deep hands-on expertise with Terraform, including module design, state management, and secure configuration patterns.
Strong experience integrating security controls into CI/CD pipelines, including gating and enforcement mechanisms.
Demonstrated ability to translate security requirements into automated, testable, and enforceable controls at deploy-time.
Solid understanding of cloud security architectures across AWS, Azure, and/or GCP, including IAM, networking, and data protection controls.
Experience implementing control validation and testing strategies, including policy unit testing, pipeline validation, and drift detection.
Familiarity with CSPM platforms and the ability to align deploy-time controls with runtime detection and compliance models.
Strong understanding of modern threat models, attack paths, and misconfiguration risks in cloud environments, and how to mitigate them through preventive controls.
Experience building and maintaining reusable policy libraries and shared control frameworks at enterprise scale.
Proven experience leading a team of engineers, including task prioritization, delivery oversight, and technical direction setting.
Demonstrated ability to mentor and develop engineers, particularly in policy-as-code, Terraform, and secure pipeline practices.
Experience establishing code quality standards, review processes, and engineering best practices for IaC and policy development.
Strong stakeholder management skills, with the ability to partner effectively with platform engineering, security architecture, and application teams.
Ability to communicate complex technical concepts clearly to both engineering audiences and senior leadership.