[Remote] Sr Cloud Security Engineer - Cloud Cert; CISSP/GIAC EAST COAST ONLY

Note: The job is a remote job and is open to candidates in USA. Volkswagen of America, Inc is seeking a Senior Cloud Security Engineer to lead the strategy, design, and implementation of AWS security capabilities. The role involves securing complex systems and assets, partnering with teams to embed security throughout the SDLC, and mentoring engineers to enhance the organization’s security posture.

Responsibilities

• Lead the design and evolution of secure AWS architectures across services such as Amazon VPC, Amazon EC2, Amazon EKS, and AWS Lambda
• Define and enforce enterprise-wide security standards for identity, network, data protection, and workload security using AWS IAM and AWS KMS
• Architect scalable, secure multi-account environments leveraging AWS best practices (e.g., landing zones, guardrails)
• Evaluate and introduce new security technologies and frameworks to enhance cloud security posture
• Drive security-by-design principles across all cloud and platform engineering initiatives
• Lead threat modeling, secure architecture reviews, and risk assessments for complex, distributed systems
• Establish and mature secure SDLC practices, integrating security into CI/CD pipelines at scale
• Oversee code reviews, security testing (SAST/DAST), and vulnerability management processes
• Ensure adherence to standards such as OWASP Top 10 and CWE/SANS Top 25
• Mentor engineering teams on secure coding, architecture patterns, and cloud-native security practices
• Lead enterprise vulnerability management strategy across cloud infrastructure and applications
• Perform advanced threat-centric assessments to identify systemic risks and architectural weaknesses
• Prioritize remediation efforts based on business impact and threat intelligence
• Ensure compliance with internal policies and external frameworks (e.g., SOC 2, ISO 27001, NIST)
• Partner with audit and compliance teams to streamline evidence collection and control validation
• Design and mature cloud detection and response capabilities using tools such as Amazon GuardDuty, AWS Security Hub, Amazon CloudWatch, and AWS CloudTrail
• Develop advanced detection rules, automate response workflows, and improve alert fidelity
• Lead and coordinate incident response for high-severity security events
• Conduct post-incident reviews and drive long-term remediation and resilience improvements
• Act as a strategic liaison between Security, DevOps, Platform, and Engineering leadership
• Influence architectural decisions and drive adoption of security best practices across teams
• Lead security initiatives, roadmap planning, and cross-functional projects
• Develop and deliver advanced security training and awareness programs
• Mentor junior engineers and contribute to building a strong security engineering culture

Skills

• 7 - 9 years of experience in technical aspects of cloud, applications, web or mobile
• 5+ years of experience in IT security function
• B.S. in Information Technology, Computer Science or equivalent work experience
• Advanced hands-on experience with SIEM platforms for real-time monitoring, threat detection, and incident response, including: Splunk, Elastic Stack (ELK), or Sumo Logic
• Designing and implementing SIEM integrations with cloud-native services and Kubernetes environments
• Developing log aggregation strategies, correlation rules, and alerting mechanisms to detect misconfigurations, anomalous behavior, and unauthorized access
• Deep expertise in Infrastructure-as-Code (IaC) with a strong emphasis on scalable and secure design: Terraform (strongly preferred), AWS CloudFormation, AWS CDK
• Proven ability to enforce security guardrails and policy-as-code within IaC pipelines
• Extensive experience with cloud-native security platforms and posture management tools, such as: Wiz, Prisma Cloud, AWS: AWS Security Hub, Amazon GuardDuty, AWS Config, Azure: Microsoft Defender for Cloud, Microsoft Sentinel, GCP: Security Command Center, Forseti Security
• Strong architectural knowledge of cloud security fundamentals, including: Identity and Access Management (IAM) models (RBAC/ABAC) and least-privilege enforcement, VPC architecture, network segmentation, security groups, flow logs, and private endpoints, Encryption standards (TLS), key management (KMS), and secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager)
• Expertise in container and Kubernetes security, including: Pod security controls (Pod Security Policies, Pod Security Standards) and runtime security (e.g., Falco), Policy-as-code frameworks such as Open Policy Agent (OPA)/Gatekeeper, Kyverno, or KubeArmor, Secure image scanning and software supply chain security tools (e.g., Trivy, Grype, Snyk)
• Proven leadership in DevSecOps practices, including: Designing and implementing automated security testing, validation, and remediation within CI/CD pipelines, Driving secure-by-design principles across engineering teams
• Experience conducting cloud security assessments and audits, with the ability to: Identify risks, gaps, and misconfigurations, Deliver actionable remediation guidance aligned with compliance frameworks and incident response strategies
• Strong communication and cross-functional collaboration skills, with experience influencing engineering, DevOps, and platform teams
• Masters in Information Technology, Computer Science (or related education)
• Relevant cloud certifications, such as: AWS, Azure, or GCP Professional/Specialty certifications
• Industry-recognized security certifications, including: CISSP, GIAC, or equivalent advanced security credentials
• Nice-to-have domain expertise in areas such as data telemetry, V2X communications, or OTA infrastructure

Company Overview