Cloud Security Engineer
RiPSIM Technologies
Other Engineering
Ashburn, VA, USA
USD 120k-160k / year
Posted on Feb 23, 2026
Cloud Security Engineer
$120,000 - $160,000 a year - Full-time
Profile insights
Find out how your skills align with the job descriptionSkills
Education
Job details
Pay
- $120,000 - $160,000 a year
Job type
- Full-time
Work setting
- Hybrid work
BenefitsPulled from the full job description
- 401(k)
- Health insurance
- 401(k) matching
- Paid time off
- Vision insurance
- Dental insurance
- Life insurance
Full job description
As a Cloud DevSecOps Engineer, you will design, implement, and maintain secure, observable, and highly automated cloud infrastructure across our multi-account AWS environment. Reporting directly to the VP of Technical Operations & CISO, you will serve as the primary security and automation engineering resource within a lean, high-impact team — owning the intersection of cloud infrastructure, security architecture, observability, and compliance readiness.
This is a hands-on senior individual contributor role. You will build, secure, and automate the infrastructure that supports our GSMA SAS-SM certified eSIM management platform — from CI/CD pipelines and infrastructure as code to monitoring, logging, and alerting systems. You will directly contribute to our security posture and our path toward ISO 27001 and SOC 2 certifications, while providing infrastructure coverage and collaboration alongside Technology Operations Team to ensure operational resilience.
Responsibilities
- Cloud Security Architecture: Design, implement, and manage security controls across our multi-account AWS environment, including IAM architecture, Identity Center (SSO), OIDC federation, Service Control Policies, and least-privilege access models. Ensure our infrastructure meets the security requirements of GSMA SAS-SM certification and future ISO 27001 and SOC 2 audits.
- Observability, Monitoring & Security Operations: Build and maintain comprehensive monitoring, logging, and alerting systems using AWS-native services (CloudWatch, CloudTrail, EventBridge) and/or open-source solutions (Prometheus, Grafana, ELK/OpenSearch, Graylog, or similar). Implement and manage security services including GuardDuty, Security Hub, and Config Rules. Establish meaningful dashboards, thresholds, and alerting workflows that provide operational visibility, support incident response, and meet compliance retention requirements. Proactively identify and remediate vulnerabilities, misconfigurations, and threats.
- Automation & DevOps: Design and maintain automation frameworks for infrastructure provisioning, configuration management, security enforcement, and operational workflows. Build and support the tooling and infrastructure that enables automation across the team — including job scheduling, orchestration, and integration between systems. Systematically identify and eliminate manual toil through scripting (Python, Bash) and infrastructure as code.
- CI/CD Pipeline Security: Build, harden, and maintain CI/CD pipelines (Jenkins, GitHub Actions, or GitLab CI), implementing OIDC-based authentication, secrets management, security scanning, and automated testing within the software delivery lifecycle. Eliminate stored credentials and enforce secure deployment practices.
- Compliance & Infrastructure Collaboration: Generate and maintain technical compliance evidence for GSMA SAS-SM audit renewals and future certification efforts. Document security architectures, controls, and operational procedures to support audit readiness. Work closely with the Director of Cloud Operations on infrastructure design, capacity planning, and cloud optimization — providing infrastructure operations coverage during absences to ensure continuity of service.
- Disaster Recovery & Business Continuity: Design, implement, and maintain disaster recovery strategies across our multi-account AWS environment, including backup automation, cross-region replication, failover architectures, and recovery procedures. Define and validate RTO/RPO targets for critical systems. Conduct regular DR testing and tabletop exercises, document recovery runbooks, and ensure DR capabilities meet both operational and compliance requirements.
Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Relevant work experience may be considered in lieu of a bachelor's degree.
- 4–8 years of experience in cloud infrastructure, DevOps, DevSecOps, or security engineering roles, with at least 3 years focused on AWS.
- Deep hands-on experience with AWS Organizations, Identity Center (SSO), IAM (roles, policies, trust relationships, OIDC federation), Service Control Policies, and network security (VPCs, security groups, NACLs, Transit Gateway).
- Experience designing and implementing disaster recovery solutions, including backup strategies, cross-region replication, failover architectures, and RTO/RPO planning.
- Proficiency in Terraform for multi-account infrastructure provisioning and security policy management.
- Proven experience designing and implementing monitoring, logging, and alerting solutions — both AWS-native (CloudWatch, CloudTrail, EventBridge) and open-source (Prometheus, Grafana, ELK/OpenSearch, Graylog, or similar).
- Experience implementing and managing AWS security services: GuardDuty, Security Hub, and Config Rules.
- Hands-on experience building, securing, and maintaining CI/CD pipelines, including OIDC-based authentication and secrets management.
- Strong automation mindset with demonstrated experience building operational tooling, workflow automation, and reducing manual toil through scripting (Python, Bash) and infrastructure as code.
- Strong documentation skills — the ability to produce clear, audit-ready technical documentation is essential.
- Demonstrated ability to work independently and own problems end-to-end in a small team environment.
Job Type: Full-time
Pay: $120,000.00 - $160,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible schedule
- Health insurance
- Life insurance
- Paid time off
- Vision insurance
Work Location: Hybrid remote in Ashburn, VA 20147
If you require alternative methods of application or screening, you must approach the employer directly to request this as Indeed is not responsible for the employer's application process.
