- Deep expertise with service mesh architectures (e.g., Istio, Kong)
- Extensive experience managing and configuring API gateways (e.g., Kong, Amazon API Gateway)
- Authentication and authorization through OIDC, OAuth2, JWT, and mTLS
- Secure API exposure and traffic governance
- Strong experience managing PKI and certificate lifecycles
- Practical experience deploying and managing mTLS within distributed systems and Kubernetes workloads
- Experience integrating certificate authorities (CAs) and automating certificate management (e.g., cert-manager)
- Understanding of trust models and certificate chain validation in zero-trust environments
- Strong background in security hardening and zero-trust architecture
- Enforcing default mTLS across workloads
- Carrying out infrastructure-level authentication and authorization
- Crafting and maintaining fine-grained access control policies
- Experience building and maintaining zero-trust security models across multi-cluster or distributed systems
- Write and detail security policies and practices with clear, practical mentorship
- Strong experience securing Kubernetes environments
- Implementing namespace isolation and protection strategies
- Crafting and enforcing access controls and policies
- Managing service accounts and workload identities securely
- Familiarity with Kubernetes security guidelines (least privilege access, network policies, workload segmentation)
- Bachelor's degree or equivalent experience required
- Proficiency in scripting and programming languages such as Python and Go
- Demonstrated experience applying and upholding security governance frameworks
- Hands-on experience working with multi-cloud environments, particularly AWS and GCP
- Strong experience with Kubernetes and containerized environments
- Build and implement security controls and frameworks
- Experience implementing security guidelines (mTLS, OAuth2, JWT, RBAC, ABAC)
- Detect security gaps and lead efforts to mature security tooling and operational processes
- Work closely with product and platform teams to define system requirements, engineer, and implement cloud-based security applications and controls
- Write code to automate security processes that integrate seamlessly into code builds and deployments, applying DevSecOps processes and tools
- Develop and deploy automation solutions that help audit, secure, and effect changes across multi-cloud environments
- Reviewing tools for improving platform availability using automated protection mechanisms
- Experience with monitoring and observability tools (Grafana, Datadog)
- Research and recommend new technologies and collaborate on solutions
- Excellent written and oral communication skills. Strong social skills, including the ability to communicate with both technical and non-technical audiences. Also, strong analytical and problem-solving skills.
- Technical certifications or other demonstrations of passion in security and technology, such as CISSP or CCSP, are a plus!