What We Are Looking ForAs we continue to scale our cloud footprint and regulated offerings, we are expanding our Cloud Security team with a Senior Cloud Security Engineer who thrives at the intersection of cloud platforms, security engineering, networking, and automation.
We are looking for a
Senior Cloud Security Engineer to help build secure-by-default cloud platforms across Azure and AWS. This is an engineering-focused role centered on preventive controls, scalable guardrails, Kubernetes security, network security, and automation, not a SOC or incident-response-first position.
Primary focus areas: cloud security guardrails, Kubernetes security, cloud network controls, and automation across Azure and AWS
What You Will Do- You will own the security architecture, guardrails, and automation patterns, while partnering with platform and infrastructure teams on implementation.
- Own and evolve Cloud Security Posture Management (CSPM) capabilities, including policies, guardrails, and automated remediation.
- Engineer and maintain cloud network security controls, including network segmentation and isolation, cloud-native firewalls and security groups, Application Gateway / WAF configurations, and secure ingress and egress patterns.
- Define and enforce security best practices for Kubernetes environments (AKS/EKS), including RBAC, network policies, workload isolation, and cluster hardening.
- Partner with engineering teams on architecture reviews for new services, platforms, and major changes, helping teams design secure, compliant, and practical solutions.
- Engineer and maintain identity and access security controls for cloud and production environments, including least privilege, workload identity, service principals, and conditional access.
- Apply a security lens to FinOps, defining guardrails that balance cost optimization with security and compliance.
- Develop tooling, automation, and self-service workflows that reduce manual effort and improve consistency across security programs.
- Communicate complex security risks and technical recommendations clearly to engineering teams, leadership, and cross-functional stakeholders.
- Mentor junior engineers and contribute to raising the overall security maturity of the organization.
What You Will Bring (Required)- 6+ years of experience in cloud security, security engineering, or cloud platform engineering roles.
- Deep hands-on security experience in Azure or AWS is required; experience across both is strongly preferred.
- Hands-on experience securing production AKS/EKS environments, including RBAC, network policies, workload identity, admission controls, image/runtime controls, and cluster hardening.
- Proven experience with cloud network security, including firewalls, WAFs, network segmentation, and secure connectivity patterns.
- Strong understanding of cloud security architecture, including shared responsibility models, secure service design, and defense-in-depth.
- Experience with preventative security controls, including CSPM, policy enforcement, and secure cloud baselines.
- Cloud automation experience using Infrastructure as Code tools such as Terraform, Bicep, or CloudFormation, plus scripting with Python, PowerShell, Bash, or similar languages.
- Ability to operate independently, own complex problem spaces, and deliver practical, scalable solutions.
- Strong communication skills and comfort providing architecture-level guidance to engineering teams.
- Experience working in regulated environments
Bonus Points- Experience contributing to or supporting compliance programs such as FedRAMP, SOC 2, ISO 27001, or NIST frameworks.
- Familiarity with CI/CD pipelines and DevSecOps practices.
- Experience with identity and access management in cloud environments (RBAC, workload identity, service principals) is a strong plus.
What Success Looks Like • Secure by default cloud patterns are documented, automated, and adopted by engineering teams.
• CSPM findings are prioritized, routed, and remediated through repeatable workflows.
• Kubernetes and cloud network controls are consistently implemented across production environments.
• Engineering teams receive practical security guidance early in design, not after deployment.
**Semperis maintains office locations in several cities across the globe. Where the job description specifies a required location, candidates will follow our hybrid work model. This includes working up to three days per week and remotely the remaining days.