Skip to main content
Get Well

Cloud Security Engineer / DevSecOps Engineer - Remote

4w

Get Well

US · Full-time · $140,000 – $170,000

About this role

We are looking for a Cloud Security Engineer / DevSecOps Engineer to help strengthen and mature security across our AWS and Azure environments, software delivery workflows, and vulnerability management processes. This is a mid-level individual contributor role for someone who can work independently on defined security initiatives and partner directly with engineering and IT teams.

Day-to-day responsibilities include reviewing and improving secure cloud architectures, implementing security controls around IAM, network segmentation, encryption, and logging, and identifying and remediating cloud misconfigurations. You will also operate vulnerability management processes and support security monitoring and alert triage using platforms such as Rapid7, Wazuh, and InsightIDR.

You will collaborate closely with engineering and infrastructure teams to integrate DevSecOps practices into CI/CD workflows and support compliance monitoring and audit readiness using Vanta and Compyl. The role also involves mapping technical controls to compliance requirements and participating in threat modeling for new applications and cloud deployments.

This position offers the opportunity to contribute to cloud security architecture decisions and work across multiple compliance frameworks including SOC 2, HIPAA, HITRUST, and FedRAMP Moderate. You will help shape security documentation and standards while working in a hands-on, practical environment that values translating security requirements into actionable improvements.

Requirements

  • 3–5 years of experience in cybersecurity, cloud security, DevOps, infrastructure, systems administration, security operations, compliance operations, or a related technical role.
  • Hands-on experience with AWS and/or Microsoft Azure, with the ability to work across both platforms.
  • Working knowledge of cloud security concepts, including IAM, network controls, encryption, logging, monitoring, workload security, and shared responsibility models.
  • Experience with common AWS security services such as IAM, CloudTrail, CloudWatch, GuardDuty, Security Hub, KMS, Config, S3 security, or VPC controls.
  • Proven ability to integrate security checks into CI/CD pipelines and implement DevSecOps practices.
  • Familiarity with vulnerability management and security monitoring tools like Rapid7, Wazuh, and InsightIDR.
  • Experience with compliance frameworks and benchmarks such as CIS, NIST, SOC 2, ISO 27001, HIPAA, FedRAMP Moderate, and HITRUST.
  • Ability to work independently on defined security initiatives and translate security and compliance requirements into actionable technical tasks.

Responsibilities

  • Review, improve, and help design secure architectures across AWS and Microsoft Azure environments.
  • Implement and maintain cloud security controls related to IAM, network segmentation, encryption, logging, key management, backups, secure configuration, and access control.
  • Identify and remediate cloud misconfigurations, excessive permissions, insecure storage, public exposure, weak logging, and missing security controls.
  • Partner with engineering and infrastructure teams to integrate security checks and DevSecOps practices into CI/CD workflows.
  • Operate and improve vulnerability management processes, including scanning, validation, prioritization, remediation tracking, reporting, and exception review.
  • Use security monitoring and telemetry platforms to support alert triage, endpoint visibility, log review, investigation, and detection improvement.
  • Support compliance monitoring, evidence collection, control mapping, and audit readiness activities using Vanta and Compyl.
  • Improve identity and access management practices, including least privilege, MFA, conditional access, service principals, role reviews, privileged access controls, and access certification support.

Benefits

  • Hands-on role with direct impact on cloud security posture and architecture decisions.
  • Exposure to multiple compliance frameworks including SOC 2, HIPAA, HITRUST, and FedRAMP Moderate.
  • Opportunity to work with modern security platforms like Vanta, Rapid7, Wazuh, and InsightIDR.
  • Collaborate directly with engineering and IT teams in a remote-first environment.