Cloud Security Engineer

Cloud Security Engineer (IAM)Role OverviewThis engineering position sits at the intersection of cloud security, identity architecture, and software development. The focus is on building automated, scalable mechanisms for managing identities, enforcing security controls, and integrating with cloud‑native services. Although the work touches IAM and security, this is fundamentally a hands‑on development role centered on Python and modern cloud engineering practices.Key ResponsibilitiesPartner with teams across cloud infrastructure, security engineering, service owners, and application groups to design and implement IAM roles, permissions, and policies required for consuming and delivering services in public cloud environments.Create, refine, and operationalize security controls and supporting tools that ensure identity and access implementations in AWS or GCP align with internal cloud security standards.Develop automation, libraries, and self‑service capabilities that allow engineering teams to provision IAM identities and permissions programmatically. Deliver these capabilities through CI/CD pipelines with automated validation.Enhance and maintain Python‑based frameworks used for:Orchestrating security controlsPowering detection and response workflowsBuild integrations with:Cloud APIs, identity layers, and service endpointsSecurity platforms and tooling ecosystemsContribute to both preventative and detective security mechanisms, including:Policy enforcement and OPA/Rego‑based guardrailsEvent‑driven detection logic and monitoring patternsWrite and maintain automated test suites, including:Unit testsIntegration and behavioral testsSupport continuous validation of controls within CI/CD pipelines.Work closely with Security Controls Engineers, Threat Modelers, and Cloud Architects to ensure alignment across cloud security initiatives.QualificationsThis position is not a traditional IAM or security analyst role. It requires strong engineering instincts and the ability to write high‑quality, production‑ready code.At least 3 years of hands‑on experience with cloud‑native services in AWS or GCP.Advanced Python expertise — this is mandatory.Experience building and integrating with APIs and writing scalable, maintainable software.Familiarity with automated testing frameworks.Background in designing or implementing enterprise‑grade security solutions within large, complex, or global organizations (Financial Services experience is a plus).Strong communication skills and the ability to operate independently while managing multiple workstreams.Relevant certifications (CISSP, AWS Security Specialty, Google Professional Cloud Security Engineer) are beneficial.Must successfully complete a Python‑focused Karat assessment.Critical CompetenciesHands‑on experience with IaC tools such as Terraform and CloudFormation.Proficiency in Python, with additional experience in Go or Java considered valuable.Strong familiarity with testing frameworks such as pytest, Behave, or JUnit.Experience developing and securing REST and SOAP web service APIs.Understanding of DevOps practices, agile delivery models, and automated deployment/testing through CI/CD pipelines.