Cloud Security Engineer

This is a fully remote position, open to applicants in Colombia.

📋 Description

• Take ownership and lead cloud security initiatives across Addi's AWS infrastructure, establishing a solid technical foundation for a robust and scalable cloud security program.

• Execute a thorough cloud security evaluation across all AWS accounts within the initial 60 days, generating a prioritized inventory of findings and a remediation roadmap, ensuring that 100% of critical and high-severity issues are resolved within the Service Level Agreement.

• Design, implement, and operationalize CrowdStrike CNAPP from the ground up, achieving complete coverage of the AWS environment and enabling ongoing posture monitoring, misconfiguration detection, and threat identification across cloud workloads.

• Review the existing Terraform codebase and establish secure Infrastructure as Code (IaC) standards and best practices, incorporating policy-as-code controls, secrets management, and least privilege enforcement, with at least 80% of new infrastructure deployments adhering to the defined standards.

• Manage and uphold the cloud security controls necessary for maintaining ISO 27001 certification, ensuring there are no critical gaps in cloud-related control domains and providing the required evidence and documentation for ongoing audits.

• Implement continuous cloud security monitoring and alerting within CrowdStrike NG-SIEM, ensuring that all critical cloud events are correlated and actionable, with established SLAs for responding to cloud-originated alerts.

⛳️ Requirements

• In-depth AWS Security Expertise (Must-Have)

• Practical experience securing AWS environments, including IAM, VPC, S3, CloudTrail, GuardDuty, Security Hub, and KMS.

• Strong comprehension of the AWS shared responsibility model, attack surface management, and cloud-native threat vectors.

• Demonstrated ability to evaluate and strengthen AWS environments against CIS Benchmarks, AWS Well-Architected Security Pillar, and ISO 27001 controls.

• CNAPP / CSPM Operational Experience (Must-Have)

• Experience managing CNAPP or CSPM platforms (CrowdStrike Falcon Cloud Security, Wiz, Prisma Cloud, or similar) in live production settings.

• Capability to configure detection rules, mitigate false positives, and convert posture findings into actionable remediation tasks for engineering teams.

• Proficient in creating cloud security dashboards and reports for both technical and non-technical audiences.

• Cloud Vulnerability & Risk Management (Must-Have)

• Experience overseeing cloud security findings from identification and prioritization to remediation tracking and resolution.

• Ability to evaluate risk based on exploitability, exposure, and business impact rather than solely relying on CVSS scores.

• Proven history of driving cross-functional remediation initiatives with engineering and platform teams.

• Collaboration & Communication (Must-Have)

• Comfortable functioning as an individual contributor within a cybersecurity team, collaborating closely with platform and engineering teams.

• Skilled at translating complex cloud security risks into clear, prioritized recommendations for both technical and business stakeholders.

• Terraform & Secure IaC (Nice to Have)

• Practical experience writing and reviewing Infrastructure as Code in production AWS environments.

• Experience implementing security controls within IaC pipelines, including static analysis tools (e.g., Checkov, tfsec), secrets detection, and least privilege IAM patterns.

• Ability to evaluate existing infrastructure code, identify security vulnerabilities, and promote adherence to secure coding standards among engineering teams.

• Compliance & Audit Support (Nice-to-Have)

• Familiarity with ISO 27001 requirements as they pertain to cloud environments.

• Experience in gathering and maintaining evidence for cloud-related control domains to support audits and certifications.

🏝️ Benefits

• Competitive compensation and meaningful ownership

• Generous salary

• Equity in the company

• Benefits that extend beyond the basics to foster your growth