Cloud Space LLC

AWS Cloud Security & Compliance Engineer (SecOps – Enterprise Governance)

Cloud Space LLC, Boston, Massachusetts, US, 02298


Location:

Boston, MA

Employment type:

Full time

Base pay range $130,000 – $140,000 per year

Job Overview

We are a fast-growing Payment Service Provider operating a mission‑critical platform on AWS Cloud. With millions of transactions processed daily, we prioritize security, compliance, and operational resilience. As we scale globally, we are strengthening our cloud security posture to meet ISO 27001 and SOC 1/2 standards.

Role

We are looking for an experienced AWS Cloud Security & Compliance Engineer to own the security and governance of our AWS infrastructure. This is a hands‑on role involving:

Cloud architecture

IAM governance

Security automation

Compliance operations & documentation

Responsibilities

AWS Security & Access Management

Design and enforce IAM policies, roles, and SCPs using least‑privilege principles.

Implement AWS Organizations, Control Tower, GuardDuty, Security Hub, Config, and CloudTrail for centralized governance.

Manage MFA, SSO (AWS IAM Identity Center), and just‑in‑time access workflows.

Conduct regular privileged access reviews and automate user/role lifecycle management.

Compliance & Data Governance

Lead ISO 27001 and SOC 1/2 control implementation (e.g., A.9, A.12, SC‑13, PI‑7).

Own risk assessments, control evidence collection, and audit preparations.

Maintain data classification, encryption (KMS, SSE), and data residency policies.

Ensure PCI DSS alignment for payment data flows.

Security Automation & Monitoring

Build Infrastructure‑as‑Code security using Terraform or similar tools.

Automate compliance checks via AWS Config Rules, Security Hub, and Lambda scripts.

Respond to and triage findings from GuardDuty, Inspector, Macie, and third‑party scanners.

Documentation & Reporting

Maintain System Security Plan (SSP), Risk Register, and control matrices.

Prepare audit‑ready evidence (logs, configs, access reports).

Train engineering teams on secure AWS best practices.

Required Qualifications

10+ years in cloud infrastructure; 5+ years in cloud security; 3+ years specifically on AWS.

Hands‑on expertise with AWS IAM, Organizations, SCPs, KMS, CloudTrail, Config, Security Hub.

Terraform / CloudFormation for secure infrastructure.

Strong understanding of encryption at rest/transit, network security (VPC, NACLs, WAF), and secrets management.

Experience with external audits (SOC 2 Type II, ISO 27001).

AWS Security Specialty or Solutions Architect Professional certification required.

Skills

cloud security, compliance, enterprise governance, infrastructure
