Senior Cloud Security Engineer

Gibson Dunn is a leading global law firm, advising clients on significant transactions and disputes. Our exceptional teams craft and deploy creative legal strategies that are meticulously tailored to every matter, however complex or high-stakes. The firm's work is distinguished by a unique combination of precision and vision.

Based in any U.S. Office, the Senior Cloud Security Engineer plays a critical role in the InfoSec team, leading the design, implementation, and assessment of cloud security controls across the firm's hybrid infrastructure. This position ensures compliance with Information Security and IS policies while aligning with industry best practices for cloud security.

This role reports to the Senior Director, Information Security Operations and collaborates closely with the IT Architect, Cloud Administrators, and senior leadership on cloud operations. The Senior Cloud Security Engineer will interface with technical teams, legal and compliance stakeholders, external auditors, and cloud service providers.

Responsibilities include:

• Designing and implementing security controls across multi-cloud environments (e.g., Azure, AWS, GCP).
• Conducting continuous assessments of cloud-based infrastructure, applications, and services.
• Reviewing cloud architecture and configurations to validate security posture and data protection.
• Leading threat modeling, risk assessments, and vulnerability management for cloud-native services.
• Administering cloud security testing, including penetration testing, misconfiguration audits, and incident simulations.
• Collaborating with DevOps and engineering teams to embed security into CI/CD pipelines and cloud deployments.
• Driving remediation of security findings and ensuring alignment with regulatory and compliance frameworks.
• Maintaining expertise in cloud security trends, tools, and threat intelligence.
• Leading security reviews of cloud perimeter defenses (e.g., WAFs, cloud-native firewalls, DDoS protection).
• Managing cloud security controls and endpoint protection platforms (e.g., Defender for Cloud, CrowdStrike, Cloudflare, Proofpoint TAP).
• Overseeing cloud security monitoring and logging.
• Coordinating incident response and disaster recovery planning for cloud workloads.
• Conducting gap analyses and compliance audits across cloud environments (e.g., ISO, NIST, SOC 2, HIPAA).
• Evaluating third-party cloud services and integrations for security risks.
• Providing technical guidance and mentorship to engineers and cross-functional teams.
• Developing and maintaining cloud security policies, playbooks, and documentation.
• Participating in a rotating on-call schedule to provide after-hours support and ensure timely resolution of critical issues.

Qualifications:

• Deep knowledge of cloud platforms (Azure, AWS, GCP) and associated security services.
• Experience with regulatory frameworks and standards (SOC, GLBA, HIPAA, GDPR).
• Familiarity with DevSecOps practices and infrastructure-as-code tools
• Strong communication skills to engage technical and non-technical audiences.
• Proven ability to lead complex security initiatives and drive cross-team collaboration.
• Commitment to continuous learning and staying current with emerging cloud threats and technologies.

Experience:

• Bachelor's degree in Computer Science, Information Systems, or related field.
• Cloud security certifications (e.g., CCSP, AWS Certified Security – Specialty, Azure Security Engineer).
• Minimum 10 years of experience in information security, with 5+ years focused on cloud security.

Gibson Dunn will consider for employment qualified Applicants with Criminal Histories in a manner consistent with the requirements of local law.

Compensation & Benefits:

The annual compensation range for this position is $150-170k. The salary offered within this range will depend upon qualifications and other operational considerations.

Benefits offered for this position include health care; retirement benefits; paid days off, including sick time, and vacation time; parental leave; basic life insurance; Flexible Spending Accounts; as well as discretionary, performance-based bonuses.