Senior Cloud Security Engineer

Clearance:
Must have ability to obtain a Public Trust Clearance (US Citizenship required)
Location:
Washington DC Metro area preferred, remote
As a
Senior Cloud Security Engineer
at Finch AI, you'll play a pivotal role in maintaining and enhancing our security posture across AWS cloud environments. This position is ideal for security practitioners with a broad range of experience in operational security, governance, cloud security, and automation who thrive in dynamic, agile teams.

Responsibilities
Security & Compliance

• Ensure adherence to cloud security requirements and best practices (FISMA, RMF, NIST, ISO 27000 series).
• Perform monitoring, intrusion detection, incident investigation, and corrective actions within AWS environments.
• Conduct security assessments, enforce policies, and report on vulnerability remediation.
• Lead cloud security initiatives, including risk assessments, remediation, and compliance efforts.
• Develop and implement advanced cloud security strategies, policies, and procedures.

Cloud Infrastructure & Automation

• Deploy, configure, and automate security guardrails using AWS native tools such as AWS Control Tower, AWS Security Hub, AWS Config, AWS CloudTrail, AWS GuardDuty, and AWS Macie.
• Integrate and manage logging, monitoring, and security tools such as CrowdStrike, Darktrace, and Splunk.
• Develop hardened AWS AMIs and automate infrastructure deployments.
• Ensure systems remain patched, updated, and secure by managing patch deployments and vulnerability remediation efforts using AWS Systems Manager Patch Manager.
• Familiarity with containerization and orchestration tools (e.g., Docker, Kubernetes, AWS ECS) is a plus.

Firewall & Networking

• Configure and maintain AWS Network Firewalls, AWS Security Groups, AWS NACLs, and other cloud-native security controls.
• Optimize AWS networking/security services such as AWS Shield, AWS WAF, AWS GuardDuty, and AWS Inspector.
• Secure the environment using AWS Control Tower, Service Control Policies (SCPs), IAM policies, NACLs, and security groups to enforce least privilege access and proper network segmentation.
• Managing Palo Alto Firewalls and VPN connectivity between cloud resources.
• Administration of Palo Alto Firewalls
• Collaborate with stakeholders to gather security requirements and maintain secure cloud operations.

Incident Response & Continuity

• Conduct proactive troubleshooting and incident response to resolve complex issues with minimal downtime.
• Participate in weekly IT meetings, manage patch deployments, and handle vulnerability remediation.
• Conduct root cause analyses and provide detailed documentation for security incidents.
• Support IT Service Continuity drills and ensure reliable system operations within AWS environments.

Strategic Leadership

• Ability to provide thought leadership and help define strategic and tactical vision to improve mission efficiency and effectiveness.
• Collaborate with cross-functional teams to advance security initiatives, streamline operations, and achieve business objectives.

Required Skills & Qualifications
Technical Expertise

• Strong scripting skills (Terraform, AWS CloudFormation, Bash, Python).
• Extensive hands-on experience configuring, optimizing, and securing AWS Firewalls and networking tools.
• Advanced administration of AWS networking/security services (e.g., AWS Shield, AWS WAF, AWS GuardDuty, AWS Security Hub, AWS Macie, AWS Config, AWS CloudTrail).
• 8+ years of hands-on security experience, including 4+ years in AWS cloud security and 2+ years in systems automation.
• Hands-on experience with CrowdStrike and developing SOAR playbooks.

Certifications (Preferred)

• AWS Security Specialty, AWS Solutions Architect, or AWS SysOps Administrator.
• Security+ CE, SSCP, CCNA-Security, GSEC, or PCNSE.

Knowledge Base

• In-depth understanding of security principles, best practices, and compliance frameworks.
• Familiarity with networking, databases, web operations, and securing AWS cloud workloads.
• Excellent problem-solving, analytical, and communication skills.

Education

• BS/BA in Computer Science or a related field, or 5 years of equivalent work experience.

Why Join Finch AI

• Innovation: Work with cutting-edge technologies and solve complex, real-time data challenges.
• Collaboration: Be part of a supportive, high-performing team that excels in both virtual and co-located settings.
• Growth: Take ownership of impactful security projects and expand your expertise in AWS cloud security and automation.
• Culture: Enjoy an agile, problem-solving environment where your contributions directly drive success

About FINCH AI
Finch AI is a fast-growing, fast-paced software development organization; our mission is to build new ways of interacting with information. We do that by leveraging game-changing intellectual property, cloud infrastructure expertise, and a staff that is second to none. Together, we build and support products that address complex, real-time data and analytics needs in the enterprise.

Our teams are comprised of successful people that enjoy solving problems, engaging in substantive technical discussions and have passion for their work. We have very high expectations in terms of skill, motivation, self-organization, and productivity. We look for people who excel working in groups, virtual and collocated, as well as those who are comfortable with fast paced agile development.

Finch AI is an equal opportunity employer.