AWS Security Engineer

We are seeking an experienced AWS Security Engineer to ensure the security, compliance, and protection of our cloud-based infrastructure. The ideal candidate will have strong hands-on experience with AWS security services, cloud risk assessments, incident response, and continuous security monitoring. This role collaborates closely with Cloud Engineering, DevOps, and Application teams to maintain a secure, compliant, and resilient cloud environment.

What you will do:

• Lead and support vulnerability scanning and remediation efforts for cloud resources
• Manage IAM roles/policies, identity federation, encryption, KMS, and secrets management
• Provision and manage AWS infrastructure using Infrastructure as Code (IaC) tools such as Terraform
• Develop custom scripts for CloudWatch metrics and alarms based on application-specific probes
• Implement alerting and automated remediation workflows
• Assist with incident response, investigations, and root cause analysis of cloud security events
• Develop and maintain security architecture documentation, runbooks, and procedures
• Conduct AWS security posture assessments using automated tools
• Monitor and maintain AWS security controls using cloud-native detection and monitoring tools
• Partner with DevOps and engineering teams to embed security best practices into CI/CD pipelines and IaC
• Implement and enhance AWS security controls, guardrails, and baseline configurations
• Continuously evaluate AWS environments for cost-effective security improvements
• Conduct threat modeling, vulnerability analysis, and remediation coordination
• Support internal and external audits by gathering evidence and preparing documentation
• Maintain compliance with NIST, FISMA, and FedRAMP requirements
• Assist in risk assessments and security control testing
• Support change control processes and ensure accurate system/process documentation
• Evaluate emerging cloud security tools and recommend improvements
• Participate in on-call rotations to support 24/7 production systems

Required Qualifications:

• Bachelor’s degree and 8 years or 6 years with a Master’s degree.
• Proficiency with Python and Bash scripting
• Hands-on experience with ECS, EKS, EC2, and Lambda
• Strong experience with Git and CI/CD pipelines
• Advanced Terraform skills, including modules, variables, and workspaces
• Deep knowledge of AWS security services: IAM, KMS, GuardDuty, Security Hub, CloudTrail, Config Rules
• Ability to conduct IAM policy/permissions audits and enforce least privilege
• Skilled at interpreting access logs, cloud configurations, and IAM policies
• Excellent written and verbal communication skills
• Strong analytical and problem-solving abilities
• Must be a U.S. Citizen
• Must be able to obtain and maintain the required Agency clearance

Preferred Qualifications:

• AWS certifications such as Cloud Practitioner or Security Specialty
• Security compliance or audit certifications (e.g., CISA, Security+, etc.)