• Compensation: $185,000 - $225,000 Per Year Plus Bonus

• Location: New York,, New York
• Type: Perm
• Job #21711

A global multi manager hedge fund is looking for a Cloud Security Engineer for their NYC office.  This person will develop comprehensive cloud security strategies that align with the firm’s goals, including security policies, procedures, and controls.

Responsibilities:

• Design and implement a comprehensive security infrastructure across multiple public cloud environments, including AWS, Azure, and GCP
• Develop and enforce Key Risk Indicators (KRIs) to ensure compliance with industry-leading frameworks such as NIST CSF and Cloud Security Alliance CCM
• Manage and enforce security controls across a complex, multi-cloud environment, including IAM, encryption, networking, and logging
• Implement and enforce security standards for cloud services, including ComputeEngine, BigQuery, EC2, Lambda, ScaleSets, Object storage, and various GenAI services
• Develop and implement an encryption strategy, including key management and rotation
• Conduct regular security assessments and audits to ensure the security of our cloud infrastructure and identify areas for improvement
• Utilize Terraform for provisioning, compliance, and management of cloud infrastructure, and implement policy-as-code using Open Policy Agent (OPA) to enforce security and compliance policies
• Secure Kubernetes deployments and apply best practices, and collaborate with Cloud Engineering and development teams to ensure secure architecture practices are followed
• Manage cloud risk through Cloud Security Posture Management (CSPM) and Cloud Detection and Response (CDR) tools, and work with Security Operations to design incident response and disaster recovery plans
• Stay current with security trends, advisories, incidents, and vulnerability bulletins to ensure the organization’s cloud infrastructure remains secure and up-to-date

Qualifications:

• 5-7 years of hands-on experience in cloud security, with a focus on AWS and GCP environments
• Deep understanding of cloud architecture, frameworks and cloud security best practices, and a proven track record of successfully implementing secure highly available cloud applications
• Strong understanding of cloud network protocols and IP networking, including Interconnect and Private Service Connect, Direct Connect, ExpressRoute etc
• Experience with Terraform, Kubernetes and policy-as-code, preferably using OPA or Sentinel
• In-depth experience with Cloud Security Posture Management (CSPM) platforms such as Wiz, Prisma Cloud and Cloud Detection and Risk (CDR) tools