Cloud Security Lead

Cloud Security LeadRemote USCleo is seeking a Lead Cloud Security Engineer to design, implement, and continuously improve security controls across our cloud infrastructure and SaaS environments.This role is responsible for strengthening Cleo's AWS security posture, embedding secure-by-default cloud guardrails, and partnering closely with Platform and Engineering teams to reduce infrastructure risk without slowing innovation.The ideal candidate is hands-on, technically deep in AWS, and experienced in building scalable cloud security capabilities in a high-growth SaaS environment.What You Will Be DoingCloud Security ArchitectureDesign and implement secure cloud architecture patternsEstablish guardrails for AWS accounts and servicesStrengthen multi-account strategy and segmentationImprove IAM design, permission boundaries, and least-privilege modelsReview major infrastructure changes for security impactCloud Detection and VisibilityImplement and tune cloud-native detection capabilitiesIntegrate AWS security services into centralized monitoringIdentify misconfigurations and excessive permissionsImprove signal-to-noise ratio in cloud alertsInfrastructure as Code SecurityEmbed security controls into Terraform or other IaC workflowsEnforce policy-as-code guardrailsEnsure IaC scanning is integrated into CI/CD pipelinesReduce configuration drift across environmentsVulnerability and Configuration ManagementOversee cloud misconfiguration detection and remediationTrack infrastructure vulnerability exposureReduce critical vulnerability exposure windowPartner with Platform teams to automate remediationData Protection and EncryptionEnsure proper encryption standards across storage and databasesManage KMS usage and key lifecycle best practicesStrengthen logging and monitoring coverageIncident Response SupportLead cloud-focused investigations during security incidentsImprove forensic readiness in AWSHarden logging and evidence retention practicesAutomation and Continuous ImprovementAutomate guardrails and enforcement mechanismsImprove developer experience with secure cloud defaultsReduce manual cloud security reviewsOptimizing tooling cost and effectivenessMetrics and ReportingDefine KPIs for cloud security postureReport on misconfiguration trends and exposure windowsProvide executive-level reporting on infrastructure riskSupport audit and compliance evidence collectionYour QualificationsRequired7+ years of experience in cloud security, cloud engineering, or infrastructure securityDeep expertise in AWS architecture and servicesStrong understanding of IAM design and least-privilege principlesExperience with Infrastructure as Code and CI/CD integrationExperience implementing cloud-native detection and monitoringAbility to translate infrastructure risk into business impactPreferredExperience in mid-market or high-growth SaaS environmentsExperience supporting SOC 2 or similar auditsFamiliarity with policy-as-code frameworksExperience building multi-account AWS environmentsRelevant certifications such as AWS Security Specialty, CISSP, or equivalentA few things we have to offer$130,000 to $150,000 base salary + bonus opportunityGreat Healthcare + Dental + VisionFlexible PTOCulture of support, encouraging Life-Work balance401k matchFSA and HSA optionsEmployee Assistance ProgramPaid Parental LeaveRepresenting a company with 4,000+ clients and a 99% retention rateAccelerated title and salary growth potentialA fun and energetic work environment that makes you excited to go to work every dayWe use artificial intelligence (AI) tools to assist in certain stages of our recruitment process, such as resume screening and candidate matching. These tools are designed to support fair and consistent evaluations. If you have questions about this process or would like to request an alternative assessment method, please contact us at hr@cleo.com.Cleo Communications US, LLC is an equal opportunity/affirmative action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability status, protected veteran status, or any other characteristic protected by law.J-18808-Ljbffr