Cloud Security Engineer

Posted 6 days ago by 1756881766

Negotiable
Outside
Remote
USA

Summary: The Cloud Security Engineer role involves designing, implementing, and managing multi-cloud network security controls across Azure and Google Cloud Platform. The position requires expertise in Infrastructure-as-Code (IaC) using Terraform and proficiency in DevOps practices, with a focus on CI/CD automation. The ideal candidate will balance project execution with incident response in a dynamic environment while documenting processes and transferring knowledge to teams. Strong communication and troubleshooting skills are essential for success in this role.

Key Responsibilities:

  • Design, implement, and manage cloud-native network security controls in Azure and Google Cloud Platform, including:
    • Azure NSGs (Network Security Groups)
    • Google Cloud Platform VPC Service Controls (VPC-SC)
    • Google Cloud Platform Cloud Armor (DDoS/WAF protection)
    • Google Cloud Platform Cloud Next-Gen Firewall (NGFW Enterprise) with IPS/IDS
  • Develop, maintain, and scale Terraform-based Infrastructure-as-Code modules for cloud infrastructure and security policies.
  • Build, enhance, and manage CI/CD automation using Azure DevOps Pipelines and GitHub Actions.
  • Support Kubernetes deployments and GitOps workflows using Argo CD, ensuring secure and reliable rollout of application manifests.
  • Author clear documentation and runbooks, and deliver knowledge transfers/training to operational and engineering teams.
  • Collaborate cross-functionally with cloud, security, and development teams to ensure secure, scalable solutions.
  • Participate in agile ceremonies for planned project work and provide rapid incident response during P0-P3 security/networking events.

Key Skills:

  • 5+ years of hands-on experience as a Cloud Engineer / Cloud Security Engineer / DevOps Engineer.
  • Strong expertise in Terraform (designing reusable modules, managing state, enterprise workflows).
  • 5+ years of practical experience with Azure and Google Cloud Platform network security services: NSGs, VPC-SC, Cloud Armor, NGFW with IPS/IDS.
  • Proficiency in CI/CD tools: Azure DevOps Pipelines and GitHub Actions.
  • Familiarity with GitOps tools (Argo CD or Flux) for Kubernetes.
  • Scripting proficiency (PowerShell, Bash, or Python) for automation and troubleshooting.
  • Demonstrated experience documenting technical solutions, producing clear runbooks, and performing knowledge transfers to enable operational adoption.
  • Strong troubleshooting and incident response skills in cloud environments.

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Manager Notes: Need someone who is very strong in cloud-native controls for Azure NSG, and Google Cloud Platform NGFW - incl. IPS, VPC-SC, Cloud Armor - and is a whiz with DevOps and coding to build, commit, release, using ADO code/pipelines, GitHub, Terraform Cloud, etc. Excellent comms and troubleshooting ability.

Description

We are seeking an experienced Cloud Security Engineer to design, implement, and manage multi-cloud network security controls across Azure and Google Cloud Platform. The role focuses on Infrastructure-as-Code (IaC) delivery through Terraform, integrated into Azure DevOps Pipelines, GitHub Actions, and Argo CD GitOps workflows.

The ideal candidate is both a DevOps practitioner and Terraform subject matter expert (SME) who can build secure, automated solutions from scratch, while documenting and transferring knowledge to internal teams. The role requires someone comfortable balancing planned project execution under agile methodologies with rapid incident triage (P0-P3) in a dynamic, fast-paced environment.

Responsibilities

  • Design, implement, and manage cloud-native network security controls in Azure and Google Cloud Platform, including:
    • Azure NSGs (Network Security Groups)
    • Google Cloud Platform VPC Service Controls (VPC-SC)
    • Google Cloud Platform Cloud Armor (DDoS/WAF protection)
    • Google Cloud Platform Cloud Next-Gen Firewall (NGFW Enterprise) with IPS/IDS
  • Develop, maintain, and scale Terraform-based Infrastructure-as-Code modules for cloud infrastructure and security policies.
  • Build, enhance, and manage CI/CD automation using Azure DevOps Pipelines and GitHub Actions.
  • Support Kubernetes deployments and GitOps workflows using Argo CD, ensuring secure and reliable rollout of application manifests.
  • Author clear documentation and runbooks, and deliver knowledge transfers/training to operational and engineering teams.
  • Collaborate cross-functionally with cloud, security, and development teams to ensure secure, scalable solutions.
  • Participate in agile ceremonies for planned project work and provide rapid incident response during P0-P3 security/networking events.

Required Qualifications

  • 5+ years of hands-on experience as a Cloud Engineer / Cloud Security Engineer / DevOps Engineer.
  • Strong expertise in Terraform (designing reusable modules, managing state, enterprise workflows).
  • 5+ years of practical experience with Azure and Google Cloud Platform network security services: NSGs, VPC-SC, Cloud Armor, NGFW with IPS/IDS.
  • Proficiency in CI/CD tools: Azure DevOps Pipelines and GitHub Actions.
  • Familiarity with GitOps tools (Argo CD or Flux) for Kubernetes.
  • Scripting proficiency (PowerShell, Bash, or Python) for automation and troubleshooting.
  • Demonstrated experience documenting technical solutions, producing clear runbooks, and performing knowledge transfers to enable operational adoption.
  • Strong troubleshooting and incident response skills in cloud environments.

Preferred Qualifications

  • Experience securing workloads in AKS (Azure Kubernetes Service) and GKE (Google Kubernetes Engine).
  • Exposure to other CI/CD platforms (GitLab CI, Jenkins, CircleCI) and config management (Ansible).
  • Relevant certifications (strongly desired):
    • Cloud Security / Architecture: Microsoft Azure Security Engineer Associate, Azure Solutions Architect Expert, Google Professional Cloud Security Engineer, or Google Professional Cloud Architect
    • IaC / DevOps: HashiCorp Certified: Terraform Associate, Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), or Azure DevOps Engineer Expert