Senior Cloud Security Engineer

Role Overview

We are seeking aSenior Cloud Security Engineer to join our security team.

Based in Colombia, you will be responsible for designing, implementing, and maintaining cybersecurity solutions that protect our cloud infrastructure and data.

Reporting to the Director of Information Security, you will partner with Corporate IT, Cloud Infrastructure, DevOps, software development, and stakeholders to embed security best practices into our technology stack and ensure compliance with industry standards.

This is ahands-on role for someone who thrives in a fast-paced environment, has strong problem-solving skills, and is passionate about cloud security.

Key Responsibilities

• Operate and optimize cloud-native security tools (e.g., Orca Security, AWS Security Hub, Azure Security Center, Microsoft Defender, Purview/Priva) to safeguard sensitive data, detect cloud threats, secure SaaS & AI usage, and enforce secure configurations.
  
  
• Develop and enforce cloud security policies, standards, and automation scripts to ensure scalable and consistent security practices.
  
  
• Drive vulnerability and patch management across cloud infrastructure, working closely with the Cloud Infrastructure team to harden externally exposed services, validate remediation effectiveness, and reduce false positives.
  
  
• Strengthen secure cloud architecture by collaborating on backup resiliency, integrating security into CI/CD pipelines, and tuning protective platforms including WAF, bot mitigation, and DDoS tools.
  
  
• Collaborate with managed NOC/SOC partners to ensure telemetry data from cloud infrastructure and endpoints integrates seamlessly into SIEM and IDS platforms.
  
  
• Deliver actionable insights by developing security dashboards, reports, and KPIs for risk management, executive leadership, and board-level readouts.
  
  
• Automate compliance and enforcement using policy-as-code, integrating cloud telemetry with GRC platform to streamline evidence collection and regulatory workflows.
  
  
• Enhance secure access through VPNs, zero-trust initiatives, IAM integration, and continuous monitoring across AWS, Azure, and SaaS environments.
  
  
• Lead proactive risk management activities, including penetration testing, threat modeling, and regular risk assessments.
  
  
• Champion a security-first culture by partnering with Corporate IT, cloud engineers, and developers to embed secure design principles.
  
  
• Ensure regulatory compliance with SOC 2, ISO 27001, GDPR, and other frameworks.
  
  
• Communicate effectively with distributed teams (U.S. and LATAM), fostering collaboration and knowledge sharing in English.
  
  
• Support incident response by participating in on-call rotations and providing after-hours coverage when required.
  
  

Must-Have Qualifications

• 5+ years of experience in security engineering, infrastructure security, or cloud security.
  
  
• 2+ years of hands-on AWS cloud security experience, including tooling and service hardening.
  
  
• Proven expertise with cloud-native security and compliance platforms (e.g., Orca Security, Wiz).
  
  
• Strong knowledge of SIEM, CSPM, EDR, vulnerability scanners, WAF.
  
  
• Proficiency in scripting (Python, Bash, or PowerShell) to automate security controls.
  
  
• Experience with Microsoft EDR (Defender for Endpoint) strongly preferred.
  
  
• Ability to correlate vulnerability scanning data with detection tuning, collaborating with MSPs.
• Deep understanding of cybersecurity principles, threats, and vulnerabilities.
  
  
• Experience refining and validating scope for security requirements and controls.
  
  
• Familiarity with immutable infrastructure and resilient backup practices.
  
  
• Prior experience working in SOC-compliant or regulated environments.
  
  

Nice-to-Have Qualifications

• Professional certifications: AWS Security Specialty, GCLD, CCSP, or CCSK.
  
  
• Experience with enterprise firewalls (e.g., Palo Alto, Fortinet).
  
  
• Familiarity with IaC and automation tools (Terraform, Ansible, CloudFormation).
  
  
• Hands-on knowledge of container runtime security and RBAC controls
• Experience implementing secure configuration baselines across AWS, and containerized environments, integrating them into IaC workflows and CI/CD pipelines.