Auris | formerly Heartland
Senior Cloud Security Engineer
Auris, formerly known as Heartland, is seeking a Senior Cloud Security Engineer who will be responsible for building, automating, and scaling security controls across AWS and Azure environments. The role involves designing secure infrastructure patterns, implementing cloud security measures, and ensuring compliance while enabling innovation.
Financial Services
Responsibilities
Design and maintain secure-by-default landing zones and paved road templates for AWS and Azure (network segmentation, IAM baselines, encryption, logging, monitoring, backup, and key management)
Build infrastructure-as-code (IaC) modules with embedded controls (Terraform, ARM/Bicep, CloudFormation) and enforce them through CI/CD policy gates
Implement and manage CSPM/CWPP controls using tools such as Wiz, Prisma Cloud, or Defender for Cloud to continuously assess misconfigurations, exposure, and drift
Develop policy-as-code automation with tools like Open Policy Agent (OPA), Conftest, or Terraform Sentinel to enforce enterprise standards during build and deploy
Engineer and maintain least-privilege IAM and federated access patterns across AWS IAM, Azure AD, and hybrid workloads
Implement zero-trust network and private connectivity architectures using Private Link, VPC Peering, Transit Gateways, and Azure Virtual WAN
Integrate secrets and key management (AWS KMS, Azure Key Vault) into developer workflows and CI/CD pipelines
Establish consistent patterns for cross-account role assumption, conditional access, and machine identity lifecycle management
Build and tune cloud-native detections for suspicious activity (CloudTrail, GuardDuty, Security Hub, Azure Defender, and Sentinel analytics)
Create threat detection-as-code pipelines to codify detections, alert thresholds, and response actions
Partner with SOC and IR teams to provide enriched telemetry, context, and runbooks for cloud-specific threats (e.g., key misuse, persistence techniques, data exfiltration)
Implement data protection controls for object and block storage (encryption at rest and in transit, DLP policies, cross-region replication hardening)
Translate complex cloud security risks into actionable engineering guidance; contribute to secure coding and IaC standards
Act as a trusted advisor to platform, DevOps, and engineering teams during architecture and design reviews
Drive adoption of continuous compliance frameworks (NIST 800-53, CIS, ISO 27001, SOC 2) using automation and evidence collection
Publish dashboards and metrics for coverage, control health, and SLA performance
Integrate container and image scanning into CI/CD and runtime (ECR, ACR, GitHub, or Harness pipelines)
Own triage for cloud misconfiguration findings and ensure risk-based prioritization using exposure, exploitability, and asset criticality
Escalate KEV or autowormable vulnerabilities as emergency response; coordinate patching or compensating controls
Qualifications
Required
5+ years of hands-on experience in Cloud Security Engineering across both AWS and Azure enterprise environments
Strong proficiency in at least one infrastructure-as-code language (Terraform, Bicep, CloudFormation) and familiarity with Git-based workflows
Deep knowledge of identity and access management, network security, and encryption key management in multi-cloud architectures
Proficiency in cloud-native security tooling (AWS Security Hub, GuardDuty, Macie, Azure Defender, Sentinel) and third-party platforms (Wiz, Prisma Cloud, or Orca)
Experience embedding controls into CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins, GitLab, Harness)
Scripting skills (Python, PowerShell, or Bash) to automate control checks, evidence collection, and integrations
Practical understanding of container security (EKS, AKS), serverless security, and cloud networking
Preferred
Familiarity with NIST SSDF, CIS Benchmarks, MITRE ATT&CK for Cloud, and SLSA frameworks
Experience implementing cross-cloud governance frameworks (AWS Control Tower, Azure Landing Zones, or enterprise multi-account architecture)
Understanding of incident response in cloud environments — containment, forensics, and recovery in distributed systems
Relevant certifications (e.g., AWS Certified Security – Specialty, Azure Security Engineer Associate, GCSA, GCFA, or CCSP)
Benefits
Comprehensive medical insurance, dental insurance, and vision insurance
Life and disability insurance
Fertility benefits
Wellness resources
Paid sick time
Generous paid time off and holidays
Employee Assistance Program (EAP)
Complimentary Calm app subscription
Immediate vesting in a 401(k) plan
Health Savings Account (HSA) and Flexible Spending Account (FSA) options
Commuter benefits
Employee discount programs
Paid maternity leave and paid paternity leave (including for adoptive parents)
Legal plan options
Pet insurance coverage
Company
Auris | formerly Heartland
Auris™ is the payroll and HR partner built for small and medium-sized businesses who can’t afford to get it wrong.
Funding
Current Stage
Late Stage