Brief Role Description

Candidates must reside on the East Coast of the United States to be considered.

As a Senior Cloud Security Engineer, you will lead the strategy, design, and implementation of AWS security capabilities supporting autonomous vehicle development, testing, and deployment at MOIA America. You will be responsible for securing complex, distributed systems and high-value assets including cloud platforms, vehicle telemetry pipelines, AI/ML models, real-time services, and regulated data.

In this senior role, you will architect and scale security solutions across AWS services such as Amazon VPC, AWS Organizations, Amazon CloudWatch, and AWS CloudTrail. You will define and enforce security standards across identity, network, data protection, and workload security domains.

You will partner with cross-functional teams to embed security throughout the SDLC, lead threat modeling and risk assessments, and drive automation using Infrastructure as Code (e.g., Terraform). Additionally, you will mentor engineers, influence architectural decisions, and continuously enhance the organization’s security posture through governance, detection engineering, and proactive risk mitigation strategies

Possible Tasks within this Role

Cloud Security Architecture & Strategy - 35%

• Lead the design and evolution of secure AWS architectures across services such as Amazon VPC, Amazon EC2, Amazon EKS, and AWS Lambda
• Define and enforce enterprise-wide security standards for identity, network, data protection, and workload security using AWS IAM and AWS KMS
• Architect scalable, secure multi-account environments leveraging AWS best practices (e.g., landing zones, guardrails)
• Evaluate and introduce new security technologies and frameworks to enhance cloud security posture
• Drive security-by-design principles across all cloud and platform engineering initiatives

Lead Application Security & DevSecOps - 20%

• Lead threat modeling, secure architecture reviews, and risk assessments for complex, distributed systems
• Establish and mature secure SDLC practices, integrating security into CI/CD pipelines at scale
• Oversee code reviews, security testing (SAST/DAST), and vulnerability management processes
• Ensure adherence to standards such as OWASP Top 10 and CWE/SANS Top 25
• Mentor engineering teams on secure coding, architecture patterns, and cloud-native security practices

Risk, Vulnerability Management & Compliance - 15%

• Lead enterprise vulnerability management strategy across cloud infrastructure and applications
• Perform advanced threat-centric assessments to identify systemic risks and architectural weaknesses
• Prioritize remediation efforts based on business impact and threat intelligence
• Ensure compliance with internal policies and external frameworks (e.g., SOC 2, ISO 27001, NIST)
• Partner with audit and compliance teams to streamline evidence collection and control validation

Security Monitoring, Detection & Incident Response - 15%

• Design and mature cloud detection and response capabilities using tools such as Amazon GuardDuty, AWS Security Hub, Amazon CloudWatch, and AWS CloudTrail
• Develop advanced detection rules, automate response workflows, and improve alert fidelity
• Lead and coordinate incident response for high-severity security events
• Conduct post-incident reviews and drive long-term remediation and resilience improvements

Cross-Functional Collaboration & Security Enablement - 15%

• Act as a strategic liaison between Security, DevOps, Platform, and Engineering leadership
• Influence architectural decisions and drive adoption of security best practices across teams
• Lead security initiatives, roadmap planning, and cross-functional projects
• Develop and deliver advanced security training and awareness programs
• Mentor junior engineers and contribute to building a strong security engineering culture

Qualification requirements

Years of Relvant Experince

• 7 - 9 years of experience in technical aspects of cloud, applications, web or mobile
• 5+ years of experience in IT security function

Education

Required:  B.S. in Information Technology, Computer Science or equivalent work experience

Desired:    Masters in Information Technology, Computer Science (or related education)

Skills

• Exceptional communication skills
• Problem solving skills
• Analytical skills
• Conceptual thinking skills
• Integration - joining people, processes, systems
• Excellent presentation and writing skills
• Experience with cross-functional collaboration
• Ability to build and maintain strong ties in a multicultural environment
• Strong customer orientation

Work Flexibility

Required/Desired Skills

Required Skills:

• Advanced hands-on experience with SIEM platforms for real-time monitoring, threat detection, and incident response, including:
  • Splunk, Elastic Stack (ELK), or Sumo Logic
  • Designing and implementing SIEM integrations with cloud-native services and Kubernetes environments
  • Developing log aggregation strategies, correlation rules, and alerting mechanisms to detect misconfigurations, anomalous behavior, and unauthorized access
• Deep expertise in Infrastructure-as-Code (IaC) with a strong emphasis on scalable and secure design:
  • Terraform (strongly preferred), AWS CloudFormation, AWS CDK
  • Proven ability to enforce security guardrails and policy-as-code within IaC pipelines
• Extensive experience with cloud-native security platforms and posture management tools, such as:
  • Wiz, Prisma Cloud
  • AWS: AWS Security Hub, Amazon GuardDuty, AWS Config
  • Azure: Microsoft Defender for Cloud, Microsoft Sentinel
  • GCP: Security Command Center, Forseti Security
• Strong architectural knowledge of cloud security fundamentals, including:
  • Identity and Access Management (IAM) models (RBAC/ABAC) and least-privilege enforcement
  • VPC architecture, network segmentation, security groups, flow logs, and private endpoints
  • Encryption standards (TLS), key management (KMS), and secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager)
• Expertise in container and Kubernetes security, including:
  • Pod security controls (Pod Security Policies, Pod Security Standards) and runtime security (e.g., Falco)
  • Policy-as-code frameworks such as Open Policy Agent (OPA)/Gatekeeper, Kyverno, or KubeArmor
  • Secure image scanning and software supply chain security tools (e.g., Trivy, Grype, Snyk)
• Proven leadership in DevSecOps practices, including:
  • Designing and implementing automated security testing, validation, and remediation within CI/CD pipelines
  • Driving secure-by-design principles across engineering teams
• Experience conducting cloud security assessments and audits, with the ability to:
  • Identify risks, gaps, and misconfigurations
  • Deliver actionable remediation guidance aligned with compliance frameworks and incident response strategies
• Strong communication and cross-functional collaboration skills, with experience influencing engineering, DevOps, and platform teams
• Nice-to-have domain expertise in areas such as data telemetry, V2X communications, or OTA infrastructure 

Desired:

Relevant cloud certifications, such as:

• AWS, Azure, or GCP Professional/Specialty certifications

Industry-recognized security certifications, including:

• CISSP, GIAC, or equivalent advanced security credentials