About the role

Principal Cloud Security Engineer leading security posture validation at HHAeXchange technology platform for home care. Collaborating with teams to align security strategy with business objectives.

Responsibilities

Design and guide secure architectures across AWS, Azure, and GCP.
Define and enforce security baselines aligned with NIST 800-53, HITRUST, and CIS Benchmarks
Lead threat modeling, architecture reviews, and secure design guidance for cloud workloads
Build and maintain Infrastructure as Code using Terraform (preferred) and cloud-native tooling
Integrate automated security controls into CI/CD pipelines (SAST, DAST, IaC scanning, container scanning)
Implement policy-as-code guardrails using tools such as AWS SCPs and cloud-native governance services
Develop automated remediation and enforcement workflows to reduce manual security effort
Embed compliance controls directly into cloud infrastructure and pipelines to support ATO efforts
Partner with compliance teams and auditors on evidence collection and continuous monitoring
Implement centralized logging, monitoring, and incident response across cloud environments
Serve as the senior cloud security SME for engineers, architects, and stakeholders
Mentor engineers on secure cloud development and DevSecOps practices
Translate complex security concepts to both technical and non-technical audiences
Provide daily oversight of security operations, to include the security impact analysis of proposed system modifications and implementations.
Monitor information security tools, including SIEM, system monitors, access control, and other specific cloud security controls

Bachelor’s degree in Computer Science or a related technical field, or equivalent practical experience.
8 + years of experience in the support of security-focused tools and services.
Minimum of 3 years of experience in support of security for Cloud Architectures.
Technical experience or understanding of commonly used EDR (e.g., SentinelOne, Carbon Black, Trend Micro, Crowdstrike, Microsoft Defender), network firewall (Palo Alto, Fortinet, AWS Firewall, Azure Firewall, Google Cloud Firewall), email security (Mimecast, Proofpoint), and workforce (O365, G Suite) software, technologies and standards.
Experience with Azure Security Center, AWS Security Hub, or Google Cloud Security.
Experience with security monitoring solutions (e.g., AWS CloudTrail, Azure Log Analytics, Google Cloud Audit Logs, SIEM, Cloud Security, or Cloud-Scale Monitoring).
Experience with securing CI/CD pipelines (e.g., Jenkins, git, CircleCI, TeamCity, Checkov, Fugue, Sentinel).
Experience with scripting and programming languages such as Python, Bash, Jinja, YAML, etc.
Comfort working in Linux, Windows, and Cloud Provider CLI.
Willingness to explore and adopt AI tools responsibly to enhance productivity and innovation in your role