Senior Cloud Security Engineer

Join to apply for the Senior Cloud Security Engineer role at Auris | formerly Heartland Role Summary You will be a hands‑on cloud security engineer who builds, automates, and scales controls across AWS and Azure environments. You’ll design paved‑road patterns for secure infrastructure, codify guardrails as policy‑as‑code, and partner with platform and application teams to make secure deployment the default. Success in this role means building trust in the cloud through automation, ensuring every workload is observable, compliant, and resilient — without slowing innovation. Core Responsibilities Architect and Automate Secure Cloud Foundations Design and maintain secure‑by‑default landing zones and paved road templates for AWS and Azure (network segmentation, IAM baselines, encryption, logging, monitoring, backup, and key management). Build infrastructure‑as‑code (IaC) modules with embedded controls (Terraform, ARM/Bicep, CloudFormation) and enforce them through CI/CD policy gates. Implement and manage CSPM/CWPP controls using tools such as Wiz, Prisma Cloud, or Defender for Cloud to continuously assess misconfigurations, exposure, and drift. Develop policy‑as‑code automation with tools like Open Policy Agent (OPA), Conftest, or Terraform Sentinel to enforce enterprise standards during build and deploy. Secure Access, Identity, and Network Boundaries Engineer and maintain least‑privilege IAM and federated access patterns across AWS IAM, Azure AD, and hybrid workloads. Implement zero‑trust network and private connectivity architectures using Private Link, VPC Peering, Transit Gateways, and Azure Virtual WAN. Integrate secrets and key management (AWS KMS, Azure Key Vault) into developer workflows and CI/CD pipelines. Establish consistent patterns for cross‑account role assumption, conditional access, and machine identity lifecycle management. Defend and Detect in Cloud Environments Build and tune cloud‑native detections for suspicious activity (CloudTrail, GuardDuty, Security Hub, Azure Defender, and Sentinel analytics). Create threat detection‑as‑code pipelines to codify detections, alert thresholds, and response actions. Partner with SOC and IR teams to provide enriched telemetry, context, and runbooks for cloud‑specific threats (e.g., key misuse, persistence techniques, data exfiltration). Implement data protection controls for object and block storage (encryption at rest and in transit, DLP policies, cross‑region replication hardening). Enablement and Governance Translate complex cloud security risks into actionable engineering guidance; contribute to secure coding and IaC standards. Act as a trusted advisor to platform, DevOps, and engineering teams during architecture and design reviews. Drive adoption of continuous compliance frameworks (NIST 800‑53, CIS, ISO 27001, SOC 2) using automation and evidence collection. Publish dashboards and metrics for coverage, control health, and SLA performance. Vulnerability and Risk Management Integrate container and image scanning into CI/CD and runtime (ECR, ACR, GitHub, or Harness pipelines). Own triage for cloud misconfiguration findings and ensure risk‑based prioritization using exposure, exploitability, and asset criticality. Escalate KEV or auto‑wormable vulnerabilities as emergency response; coordinate patching or compensating controls. Minimum Qualifications 5+ years of hands‑on experience in Cloud Security Engineering across both AWS and Azure enterprise environments. Strong proficiency in at least one infrastructure‑as‑code language (Terraform, Bicep, CloudFormation) and familiarity with Git‑based workflows. Deep knowledge of identity and access management, network security, and encryption key management in multi‑cloud architectures. Proficiency in cloud‑native security tooling (AWS Security Hub, GuardDuty, Macie, Azure Defender, Sentinel) and third‑party platforms (Wiz, Prisma Cloud, or Orca). Experience embedding controls into CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins, GitLab, Harness). Scripting skills (Python, PowerShell, or Bash) to automate control checks, evidence collection, and integrations. Practical understanding of container security (EKS, AKS), serverless security, and cloud networking. Preferred Qualifications Familiarity with NIST SSDF, CIS Benchmarks, MITRE ATT&CK for Cloud, and SLSA frameworks. Experience implementing cross‑cloud governance frameworks (AWS Control Tower, Azure Landing Zones, or enterprise multi‑account architecture). Understanding of incident response in cloud environments — containment, forensics, and recovery in distributed systems. Relevant certifications (e.g., AWS Certified Security – Specialty, Azure Security Engineer Associate, GCSA, GCFA, or CCSP). Behavioral Competencies Enablement first: empower engineering teams through reusable patterns, not policy bottlenecks. Automation mindset: treat security controls as code — versioned, tested, and continuously improved. Curiosity and collaboration: thrive in complex, fast‑moving environments and build trust across functions. Clear communicator: translate risk into engineering work and business impact. Candidate should be comfortable with an on‑site presence to support collaboration, team leadership, and cross‑functional partnership. Why Join Us At Acrisure, we’re building more than a business, we’re building a community where people can grow, thrive, and make an impact. Our benefits are designed to support every dimension of your life, from your health and finances to your family and future. Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children’s Hospital in Grand Rapids, Michigan, UPMC Children’s Hospital in Pittsburgh, Pennsylvania and Blythedale Children’s Hospital in Valhalla, New York. Employee Benefits Physical Wellness: Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time. Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription. Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs. Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage. … and so much more This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location. Acrisure is an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, religion, sex, national origin, disability, or protected veteran status. Applicants may request reasonable accommodation by contacting leaves@acrisure.com. California Residents: Learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy. Recruitment Fraud: Please visit here to learn more about our Recruitment Fraud Notice. Welcome, your new opportunity awaits you. #J-18808-Ljbffr