Lead Security Engineer Cloud & Hybrid Environments

Salary is 150k to 175kWe are seeking a hands-on Lead Security Engineer to drive enterprise security initiatives across cloud and hybrid environments. This role combines deep technical expertise with operational ownership, focusing on securing cloud workloads, infrastructure, and applications while embedding security into DevOps practices.Key ResponsibilitiesArchitect, deploy, and maintain perimeter defenses, including WAFs, next-generation firewalls, CDNs, and zero-trust network segmentation to safeguard applications and network traffic.Own incident detection and response, coordinating with internal teams and external partners, leveraging SIEM, threat intelligence, and automated response playbooks.Integrate security into CI/CD pipelines using DevSecOps tools (Terraform, Ansible, Veracode, Snyk) to enable shift-left security and early vulnerability remediation.Design, implement, and operate identity and access controls, including zero-trust architecture, IAM, and privileged access management to protect cloud and hybrid resources.Lead vulnerability management programs, including discovery, risk assessment, remediation tracking, and reporting, using automated platforms and manual processes.Conduct continuous monitoring of cloud workloads, ensuring compliance with regulatory frameworks (NIST, ISO 27001, PCI DSS, SOC 2) and enforcing secure configuration standards.Mentor and provide technical guidance to engineers and security staff on best practices for application security, network defense, IAM, and cloud infrastructure security.Partner with engineering, DevOps, and cloud teams to integrate security controls into infrastructure as code workflows and ensure operational resilience across enterprise systems.QualificationsStrong IT security engineering, with strong emphasis on cloud security, network security, IAM, and application security.Hands-on experience with Azure, AWS, or GCP, including workload security, cloud network design, and secure cloud architecture.Proficiency with security monitoring and response tools (SIEM, threat Client platforms, automated playbooks).Experience integrating DevSecOps tooling into CI/CD pipelines, including vulnerability scanning and code analysis platforms.Knowledge of identity and access management tools, zero-trust models, and privileged access management (Okta, Azure AD, CyberArk, etc.).Demonstrated ability to design, implement, and maintain secure network and perimeter architectures.Familiarity with regulatory standards such as NIST, ISO 27001, PCI DSS, SOC 2.Excellent mentorship and collaboration skills, capable of guiding engineers and communicating technical risk to stakeholders.