Enterprise Cloud Security Lead Engineer

This range is provided by ECCO Select. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more. Base pay range $140,000.00/yr - $155,000.00/yr Direct message the job poster from ECCO Select ECCO Select is a talent acquisition and consulting company specializing in people, process and technology solutions. We provide the talent behind technology enabling our clients to achieve their goals. For more information about ECCO Select, visit us at www.eccoselect.com. Job Description Sr. Enterprise Security Engineering Lead 6+ Month Contract to Hire DFW Area Mostly remote—will come in as needed Position Summary The Enterprise Security Engineering Lead – will serve as the primary technical and strategic lead for securing Freeman’s AWS cloud environment as part of the company’s broader cloud migration. This role will ensure the design and implementation of secure cloud architectures, the migration of workloads from Azure and on‑premise environments into AWS, and the development of security controls to support ongoing scalability, resilience, and compliance. Operating within the IT Security department, this role bridges hands‑on technical work with strategic oversight—defining enterprise guardrails and ensuring security is embedded in every stage of cloud design and deployment. Key Responsibilities Serve as the technical IT Security lead overseeing the buildout of Freeman’s AWS tenant, establishing a secure and scalable foundation for enterprise workloads. Define the cloud security architecture roadmap in alignment with IT Security’s long‑term vision, compliance goals, and the company’s hybrid cloud strategy. Participate in cross‑functional collaboration with Infrastructure, Enterprise Architecture, and Compliance teams to ensure all cloud and migration efforts meet security and regulatory requirements. Cloud Security Architecture & Engineering Design and ensure implementation of AWS security configurations and controls that align with NIST CSF, CIS Benchmarks, and ISO 27001. Architect and maintain secure identity and access management (IAM) structures, encryption standards, and network segmentation for AWS workloads. Ensure secure migration of workloads and data from Azure and on‑premise environments into AWS, ensuring consistent governance and compliance. Ensure security automation and Infrastructure‑as‑Code (Terraform, CloudFormation) guardrails are embedded to enforce baseline configurations and detect drift. Collaborate with DevOps to integrate security scanning and validation into CI/CD pipelines. Governance, Risk, & Compliance Ensure all AWS security configurations align with Freeman’s compliance obligations (SOC 2, PCI, NIST CSF). Oversee the implementation of AWS‑native security services such as GuardDuty, Security Hub, Config, and CloudTrail for continuous visibility and assurance. Support internal and external audit readiness by maintaining evidence, documentation, and testing of cloud controls. Partner with Risk and GRC teams to translate compliance requirements into actionable technical controls. Work with the SOC team to design and tune detection rules, log pipelines, and automated response playbooks for AWS environments. Lead cloud‑related incident investigations and coordinate remediation efforts across teams. Continuously evaluate new AWS security capabilities and third‑party tools to enhance detection, response, and prevention capabilities. Partner with Infrastructure and Application teams to embed security early in project design and delivery. Develop and maintain enterprise documentation including cloud security standards, architecture diagrams, and operational runbooks. Provide technical leadership in design reviews, risk assessments, and vendor evaluations related to cloud security solutions. Qualifications & Experience Required 5+ years of experience in IT Security or Cloud Security roles, with at least 3 years in a senior or lead capacity. Proven hands‑on experience with AWS architecture, governance, and security controls. Demonstrated success migrating or securing hybrid environments spanning Azure and on‑premise infrastructure. Deep understanding of IAM, encryption, key management, networking, and monitoring within AWS. Expertise with Infrastructure‑as‑Code (Terraform, CloudFormation) and automation scripting (Python, PowerShell, Bash). Strong familiarity with NIST CSF, CIS, and ISO 27001 frameworks. Preferred AWS Certified Security – Specialty or AWS Solutions Architect – Professional. Experience with container and serverless security (EKS, ECS, Lambda). Familiarity with Zero Trust network and access models (Zscaler, Cloudflare, Okta). Experience leading or contributing to SOC 2, PCI DSS, or ISO 27001 audit readiness efforts. Demonstrated ability to lead teams and deliver security solutions in large, distributed enterprises. Core Competencies Strong collaboration and communication across technical and executive audiences. Proactive and analytical mindset with focus on risk reduction and operational efficiency. Ability to balance innovation, compliance, and business enablement within a fast‑moving transformation initiative. ECCO Select is committed to hiring and retaining a diverse workforce. Our policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Veterans of our United States Uniformed Services are specifically encouraged to apply for ECCO Select opportunities. Equal Employment Opportunity is The Law This Organization Participates in E-Verify Salary Base pay range: $140,000.00/yr - $155,000.00/yr Seniority level Mid‑Senior level Employment type Full‑time Job function Events Services IT Services IT Consulting Benefits Medical insurance Vision insurance 401(k) Disability insurance #J-18808-Ljbffr