Global Applications Solution
AWS Cloud Security & Compliance Engineer
Global Applications Solution, Charlotte, North Carolina, United States, 28245
We are seeking an experienced AWS Cloud Security & Compliance Engineer to own the security and governance of our AWS infrastructure. You will design, implement, and maintain controls that ensure least-privilege access, data protection, auditability, and continuous compliance with ISO 27001 and SOC 1/2 requirements.
This is a hands‑on role combining cloud architecture, IAM governance, security automation, and compliance documentation.
Responsibilities
Design and enforce IAM policies, roles, and SCPs using least privilege.
Implement AWS Organizations, Control Tower, GuardDuty, Security Hub, Config, and CloudTrail for centralized governance.
Manage MFA, SSO (AWS IAM Identity Center), and just‑in‑time access workflows.
Conduct regular privilege access reviews and automate user/role lifecycle management.
Lead ISO 27001 and SOC 1/2 control implementation (e.g., A.9, A.12, SC‑13, PI‑7).
Own risk assessments, control evidence collection, and audit preparation.
Develop and maintain data classification, encryption (KMS, SSE), and data residency policies.
Ensure PCI DSS alignment for payment data flows.
Build IaC security using Terraform or similar tools.
Automate compliance checks via AWS Config Rules, Security Hub, and custom Lambda scripts.
Respond to and triage findings from GuardDuty, Inspector, Macie, and third‑party scanners.
Maintain SSP, Risk Register, and control matrices.
Prepare audit‑ready evidence (logs, configs, access reports).
Train engineering teams on secure AWS practices.
Required Qualifications
10+ years in cloud infrastructure; 5+ years in cloud security; 3+ years focused on AWS.
Hands‑on experience with AWS IAM, Organizations, SCPs, KMS, CloudTrail, Config, Security Hub.
Terraform / CloudFormation for secure infrastructure.
ISO 27001 and SOC 2 control frameworks.
Active AWS certifications: Security Specialty or Solutions Architect Professional (required).
Experience supporting external audits (SOC 2 Type II, ISO 27001).
Strong understanding of encryption at rest/transit, network security (VPC, NACLs, WAF), and secrets management.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Consulting, Engineering, and Information Technology
Industries IT Services and IT Consulting, Computer and Network Security, and IT System Custom Software Development