[Remote] Sr Cloud Security Engineer - Cloud Cert; CISSP/GIAC EAST COAST ONLY
Note: The job is a remote job and is open to candidates in USA. Volkswagen of America, Inc is seeking a Senior Cloud Security Engineer to lead the strategy, design, and implementation of AWS security capabilities. The role involves securing complex systems and assets, partnering with teams to embed security throughout the SDLC, and mentoring engineers to enhance the organization’s security posture.ResponsibilitiesLead the design and evolution of secure AWS architectures across services such as Amazon VPC, Amazon EC2, Amazon EKS, and AWS LambdaDefine and enforce enterprise-wide security standards for identity, network, data protection, and workload security using AWS IAM and AWS KMSArchitect scalable, secure multi-account environments leveraging AWS best practices (e.g., landing zones, guardrails)Evaluate and introduce new security technologies and frameworks to enhance cloud security postureDrive security-by-design principles across all cloud and platform engineering initiativesLead threat modeling, secure architecture reviews, and risk assessments for complex, distributed systemsEstablish and mature secure SDLC practices, integrating security into CI/CD pipelines at scaleOversee code reviews, security testing (SAST/DAST), and vulnerability management processesEnsure adherence to standards such as OWASP Top 10 and CWE/SANS Top 25Mentor engineering teams on secure coding, architecture patterns, and cloud-native security practicesLead enterprise vulnerability management strategy across cloud infrastructure and applicationsPerform advanced threat-centric assessments to identify systemic risks and architectural weaknessesPrioritize remediation efforts based on business impact and threat intelligenceEnsure compliance with internal policies and external frameworks (e.g., SOC 2, ISO 27001, NIST)Partner with audit and compliance teams to streamline evidence collection and control validationDesign and mature cloud detection and response capabilities using tools such as Amazon GuardDuty, AWS Security Hub, Amazon CloudWatch, and AWS CloudTrailDevelop advanced detection rules, automate response workflows, and improve alert fidelityLead and coordinate incident response for high-severity security eventsConduct post-incident reviews and drive long-term remediation and resilience improvementsAct as a strategic liaison between Security, DevOps, Platform, and Engineering leadershipInfluence architectural decisions and drive adoption of security best practices across teamsLead security initiatives, roadmap planning, and cross-functional projectsDevelop and deliver advanced security training and awareness programsMentor junior engineers and contribute to building a strong security engineering cultureSkills7 - 9 years of experience in technical aspects of cloud, applications, web or mobile5+ years of experience in IT security functionB.S. in Information Technology, Computer Science or equivalent work experienceAdvanced hands-on experience with SIEM platforms for real-time monitoring, threat detection, and incident response, including: Splunk, Elastic Stack (ELK), or Sumo LogicDesigning and implementing SIEM integrations with cloud-native services and Kubernetes environmentsDeveloping log aggregation strategies, correlation rules, and alerting mechanisms to detect misconfigurations, anomalous behavior, and unauthorized accessDeep expertise in Infrastructure-as-Code (IaC) with a strong emphasis on scalable and secure design: Terraform (strongly preferred), AWS CloudFormation, AWS CDKProven ability to enforce security guardrails and policy-as-code within IaC pipelinesExtensive experience with cloud-native security platforms and posture management tools, such as: Wiz, Prisma Cloud, AWS: AWS Security Hub, Amazon GuardDuty, AWS Config, Azure: Microsoft Defender for Cloud, Microsoft Sentinel, GCP: Security Command Center, Forseti SecurityStrong architectural knowledge of cloud security fundamentals, including: Identity and Access Management (IAM) models (RBAC/ABAC) and least-privilege enforcement, VPC architecture, network segmentation, security groups, flow logs, and private endpoints, Encryption standards (TLS), key management (KMS), and secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager)Expertise in container and Kubernetes security, including: Pod security controls (Pod Security Policies, Pod Security Standards) and runtime security (e.g., Falco), Policy-as-code frameworks such as Open Policy Agent (OPA)/Gatekeeper, Kyverno, or KubeArmor, Secure image scanning and software supply chain security tools (e.g., Trivy, Grype, Snyk)Proven leadership in DevSecOps practices, including: Designing and implementing automated security testing, validation, and remediation within CI/CD pipelines, Driving secure-by-design principles across engineering teamsExperience conducting cloud security assessments and audits, with the ability to: Identify risks, gaps, and misconfigurations, Deliver actionable remediation guidance aligned with compliance frameworks and incident response strategiesStrong communication and cross-functional collaboration skills, with experience influencing engineering, DevOps, and platform teamsMasters in Information Technology, Computer Science (or related education)Relevant cloud certifications, such as: AWS, Azure, or GCP Professional/Specialty certificationsIndustry-recognized security certifications, including: CISSP, GIAC, or equivalent advanced security credentialsNice-to-have domain expertise in areas such as data telemetry, V2X communications, or OTA infrastructureCompany OverviewLive life in the driver's seat. It was founded in 1955, and is headquartered in Auburn Hills, Michigan, USA, with a workforce of 1001-5000 employees. Its website is https://www.vw.com/.