Senior Security Engineer II – Cloud & Data Security

About the Role We are hiring a Senior, hands-on Cloud Security Engineer to secure a large-scale, cloud-native SaaS platform. This is an engineering-first role for someone who builds security solutions—not just manages tools. You will be a SME for cloud security architecture across platform, IAM, network, workload, data, and AI enablement, and partner with Engineering, Security, and Product to implement scalable controls that support business growth. You’ll design secure architectures, embed controls into infrastructure-as-code, and build automated guardrails so teams can move fast without waiting on manual security approvals. We’re looking for a builder-defender who thrives in complex cloud environments, automates aggressively (“let the robots do the work”), and can scale cloud security for a fast-moving SaaS company. What You’ll Do Architectural Leadership: Partner deeply with infrastructure and engineering teams to embed security into development workflows, leading high-level technical discussions to guide security efforts and strategic priorities. Multi-Cloud Engineering: Design, implement, and continuously improve Sigma Cloud Security across AWS, GCP, and Azure environments with architect-level technical depth. Threat Modeling IR: Conduct cloud threat modeling and demonstrate hands-on experience in Cloud Incident Response, including investigating and remediating malicious activity within cloud environments. Identity Access: Build IAM and privileged access strategy (RBAC/ABAC, federation, least privilege, cross-account access), eliminating standing privilege and long-lived credentials. Develop and enforce IAM best practices, including zero-trust models and privileged access controls across IaaS and SaaS. Drive cloud data security controls including classification, encryption/KMS, masking/tokenization, access governance, retention/deletion, and exfiltration risk reduction across APIs and data pipelines. Develop automated remediation workflows for recurring cloud misconfigurations, drift, and policy violations to reduce manual effort and response time. Security Stack Management: Deploy and manage cloud-native services (CSPM, CNAPP, DSPM, SIEM, DLP, WAF, Kubernetes, and container security). Network Defense: Review and apply zero-trust principles through strict network segmentation, authentication, and authorization. Automation: Develop sophisticated signatures/rules for cloud security and automate detection and response workflows. AI : Use AI securely and effectively to scale security practices and improve team efficiency. Continuous Evolution: Stay ahead of threats by leveraging intelligence, attack simulation, and red/blue team learnings. What We’re Looking For Minimum 7+ years in Security roles with at least 5+ years focused on Cloud security engineering,IAM, and Data security Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field. Deep technical expertise in cloud architectures AWS/Azure/GCP; including IAM, networking (VPCs, security groups, PrivateLink), and native security services is strongly desired. Strong infrastructure-as-code skills—you write Terraform professionally, not just read it. Advanced understanding and experience with container security, Kubernetes, and secure CI/CD pipeline design Proven ability to demonstrate incident response experience specifically related to cloud-based malicious activity and breach remediation. Advanced Cloud IAM expertise: federation, SSO, PAM/JIT access, service identities, and least privilege design. Strong background in cloud network security (segmentation, private connectivity, egress controls, WAF). Strong proficiency in scripting languages (e.g., Python, Go, PowerShell) for automation, data analysis, and security tooling development. Strong knowledge of security platforms such as CNAPP (Wiz), WAF (Cloudflare), SASE (Netskope) Demonstrated ability to lead cloud/saas architecture reviews and influence senior ... (truncated, view full listing at source)