Principal AWS Cloud Security and Compliance Engineer

Decision group
São Paulo
Remote work
BRL 120.000 - 180.000
3 days ago
Job description

Education Level: Completed higher education
Shift/Hours: 6 months. 100% remote. CVs in English

About the Role

We are seeking a Principal AWS Cloud Security and Compliance Engineer with extensive hands-on experience in securing cloud environments at scale. This role is ideal for a seasoned security expert who thrives on designing, implementing, and managing cloud security controls, ensuring compliance with industry standards, and mitigating security risks across AWS infrastructure. The ideal candidate will bring a deep understanding of AWS security services, regulatory compliance frameworks, and cloud-native security best practices.

Key Responsibilities

  1. Security Architecture & Design: Lead the design and implementation of secure AWS architectures, ensuring compliance with security frameworks and industry best practices.
  2. Governance & Compliance: Develop, enforce, and monitor compliance with SOC 2, ISO 27001, NIST, CIS, FedRAMP, PCI-DSS, HIPAA, and other security standards.
  3. Cloud Security Operations: Implement and manage AWS security services such as AWS IAM, AWS KMS, AWS GuardDuty, AWS Security Hub, AWS Macie, AWS Config, AWS WAF, and AWS Shield.
  4. Threat Detection & Incident Response: Develop SIEM integrations, monitor security logs, investigate incidents, and lead incident response efforts to mitigate threats.
  5. Automation & Infrastructure Security: Implement Infrastructure as Code (IaC) security policies using Terraform, AWS CloudFormation, or AWS CDK. Automate security monitoring and compliance reporting.
  6. Identity & Access Management (IAM): Define and enforce least privilege access controls, manage AWS Organizations and Service Control Policies (SCPs).
  7. DevSecOps & CI/CD Security: Embed security into the CI/CD pipeline, ensuring secure deployment practices across cloud workloads.
  8. Security Risk Assessments: Perform cloud security risk assessments, threat modeling, and penetration testing to identify and mitigate vulnerabilities.
  9. Security Awareness & Training: Mentor engineering teams on secure coding, cloud security best practices, and AWS security controls.
  10. Stakeholder Collaboration: Work with engineering, compliance, and business teams to align security strategies with organizational goals.

Required Qualifications

  1. 10-12 years of hands-on experience in cybersecurity, cloud security, and compliance, with at least 5 years in AWS security.
  2. Expert-level knowledge of AWS security services, architecture, and best practices.
  3. Deep understanding of compliance frameworks (e.g., SOC 2, ISO 27001, NIST, FedRAMP, PCI-DSS, HIPAA).
  4. Experience with AWS IAM, VPC security, AWS WAF, KMS, CloudTrail, Config, Security Hub, Macie, and GuardDuty.
  5. Proficiency in SIEM solutions, security automation, and cloud-native security tools.
  6. Hands-on experience with IaC security (Terraform, CloudFormation), container security (EKS, ECS), and serverless security.
  7. Strong background in DevSecOps, securing CI/CD pipelines, and integrating security into cloud-native development.
  8. Expertise in identity & access management (IAM), RBAC, MFA, and Zero Trust security models.
  9. Experience with incident response, threat detection, and forensic analysis in AWS.
  10. Proficient in scripting and automation (Python, Bash, or PowerShell).
  11. Strong communication skills with the ability to influence technical and non-technical stakeholders.

Preferred Qualifications

  1. AWS Certified Security – Specialty or AWS Certified Solutions Architect – Professional certification.
  2. Experience in multi-cloud security (AWS, Azure, GCP) is a plus.
  3. Familiarity with security risk management frameworks (e.g., MITRE ATT&CK, OWASP, CIS Benchmarks).
  4. Knowledge of AI/ML security, API security, and data protection strategies.

To be agreed
