The Cloud Security Engineer is responsible for monitoring, maintaining, and improving the security posture of the Latch Cloud environment. This includes identifying and coordinating the remediation of vulnerabilities, reviewing and consulting on cloud architectures, and developing tooling and automations for common security tasks in concert with security analysts and site reliability engineers (SREs). Additionally the Cloud Security Engineer develops, maintains, and integrates Identity Access Management tools and Privileged Access Management tools to implement least-privilege principle access to our cloud environments, servers, databases, and SaaS platforms.

Seniority: Mid to Senior (5 to 7 years experience with Cloud Security Engineering, Network Security, Security or IT Operations, or Security Engineering)

Responsibilities:

• Cloud security environment vulnerability scanning and remediation with tools like Nessus, Qualys, or AWS Inspector
• Automation of security responses via AWS Lambda or similar serverless technologies
• Security response workflow automation in AWS Security Hub, JIRA, PagerDuty
• Cloud Security Architecture reviews
• Terraform / IaaC code reviews
• Operation, management, and optimization of MCAS and CASB solutions and development of related workflows and/or automated responses
• Splunk, ELK, or Sumo Logic security data monitoring signature.. Stuff
• Cloud environment security tool selection and proof of concept testing
• Data Loss Prevention event triage and operationalization
• Hardening service and user-based IAM postures across public cloud providers (particularly AWS & GCP)
• Implementation and management of commercial or in-house Privileged Access Management / IDM solutions
• Implementation and guidance to various engineering groups around Public Key Infrastructure
• Negotiation of security vendor contracts
• Reviewing security impacts and risks associated with potential new cross-functional vendor contracts, (not limited to review of ToC, Privacy Policies)
• Cloud incident response activities
• Cloud Security Risk Assessments and Reporting
• Production of compliance evidence requests pertaining to cloud infrastructure
• Periodic on-call response to significant security events within the cloud environment and Latch security monitoring systems

Nice to have:

• Hardware-based PKI experience utilizing HSMs, embedded platforms
• AWS CloudHSM or AWS KMS experience
• Development and continuing evaluation of cloud-based Data access control / Governance policies, using tools like Immuta, Cyral
• Experience with Python, Java, Terraform, CloudFormation, or NoSQL
• ABAC
• Familiarity with AWS Foundational Security standards or CIS Cloud Environment Standards