About the role:

The Hashgraph Security team is looking for a Senior Cloud Security Engineer, focusing on securing and protecting the infrastructure of cloud-based environments across the organization. As a Senior CloudSec Engineer, you will assist in designing, implementing, and maintaining security controls and solutions across various cloud platforms (AWS, Azure, GCP). Additionally, you’ll help to solve unique security problems related to Blockchain and Web3 ecosystems. You’ll directly be involved in leading the further development of our cloud security program. The ideal candidate will have a strong background in IT security, risk management, and vulnerability management, with extensive experience in cloud security, reporting, and remediation.

You may find yourself doing all of the following:

• Perform routine audits and analysis of cloud platform assets to ensure compliance with regulatory requirements and industry best practices
• Provide subject matter expertise on cloud-related vulnerability management issues to other teams within the organization, and provide risk-appropriate solutions
• Lead or assist in Security Architecture and Implementation projects, engaging DevSecOps best practices
• Work closely with Product Security, Engineering, and DevOps teams to see projects to completion
• Develop and implement security policies, procedures, and guidelines
• Work with DevOps teams to ensure the security of automations, including Terraform and Jenkins
• Secure and manage the security configuration of containers and Kubernetes security, including common risks and mitigations
• Provide regular reports and updates on the organization's security status to management and other relevant stakeholders
• Assist as needed in Incident Response efforts with various stakeholders
• Mentor a team of security analysts and professionals

Qualification Requirements:

• Extensive experience in cloud security, such as securing Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) environments
• Strong understanding of cloud security architecture and cloud security best practices
• Familiarity with common cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform
• Experience with containerization and cloud orchestration technologies such as Docker, Kubernetes, Terraform, Teleport, or Ansible, and their associated security best practices
• Knowledge of network security, familiarity with network security concepts and protocols, including firewalls, VPNs, intrusion detection and prevention, and network segmentation
• Bachelor's degree in Computer Science, Information Technology, or related field
• 5+ years of experience in Cloud Security, Product Security, Risk Management, or Vulnerability management
• Knowledge of and experience with cloud security, including securing Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) environments, as well as familiarity with cloud service providers, such as AWS, Azure, and Google Cloud Platform
• Strong knowledge of best practices and regulatory requirements (e.g., SOC2, ISO 27001, etc.)
• Strong communication and interpersonal skills, with the ability to collaborate effectively with internal stakeholders and external vendors
• Strong time management skills
• This position requires a certain level of autonomy
• Experience in project management and leadership skills
• Familiarity with cloud security, network security, application security, and endpoint security
• Excellent analytical, problem-solving, and decision-making skills
• Proven track record of successfully implementing and maintaining security technologies and processes in complex environments
• A strong commitment to staying current with industry trends, emerging threats, and best cybersecurity practices

Other skills that are great to bring with you but that we can help you develop:

• Understanding of common programming languages and scripting languages, such as Python, PowerShell, or Bash
• Knowledge about Blockchain / Crypto / Web3
• Relevant industry certifications such as CISSP, CISM, or similar