[Remote] Senior Cloud Security Engineer
Note: This is a remote position open to candidates in the USA. Pax8 is redefining how cloud technology is bought, sold, and secured, and is seeking a Senior Cloud Security Engineer to help define, assess, and secure its cloud platforms. This role involves shaping the security posture of Pax8's cloud and platform ecosystem by evaluating current systems, identifying security gaps, and establishing security standards.
Responsibilities
- Review AWS, Kubernetes, CI/CD, and SaaS environments to identify security gaps, misconfigurations, and architectural weaknesses
- Perform threat modeling, security architecture reviews, and cloud security assessments to identify attack paths, trust boundaries, and opportunities to reduce blast radius
- Assess platform infrastructure against established security baselines and drive remediation efforts or formal risk acceptance
- Validate that security controls are operating as intended across cloud, identity, network, and platform layers
- Establish and evolve cloud and platform security hardening standards across AWS, Kubernetes, CI/CD, and SaaS platforms
- Translate infrastructure architecture into clear, actionable security expectations—and validate they work in practice
- Develop reference architectures, decision records (ADRs), and security design guidance that engineering teams can operationalize
- Define and maintain secure patterns, guardrails, and baseline configurations for cloud-native delivery
- Define and enforce least-privilege access models across AWS and Kubernetes environments
- Review and improve IAM policies, RBAC models, identity federation, service identities, and cross-account trust boundaries
- Partner with engineering teams to reduce unnecessary privilege and strengthen access controls without impacting delivery velocity
- Assess and improve CI/CD security controls including federated identity, GitHub Actions security, secrets management, deployment protections, and pipeline trust boundaries
- Review Infrastructure-as-Code patterns and recommend secure-by-default approaches
- Help engineering teams build secure delivery workflows that scale
- Validate network security controls, segmentation boundaries, ingress controls, and cloud networking architecture
- Assess Kubernetes security controls including RBAC, service accounts, workload identities, and network policies
- Ensure security controls are aligned to platform risk and business impact
- Maintain platform security posture visibility through metrics, reporting, and security tracking mechanisms
- Track remediation progress and communicate risk in terms of business impact, exposure reduction, and blast radius
- Help leadership understand where security investments are reducing risk and enabling secure growth
- Partner closely with DevOps, SRE, and Engineering teams as a trusted advisor and platform security authority
- Influence technical decisions through expertise, collaboration, and practical recommendations rather than direct authority
- Help teams understand not just what needs to change—but why it matters and what good looks like
Skills
- 7+ years of experience in Cloud Security, Infrastructure Security, Platform Security, Security Architecture, DevSecOps, or related disciplines
- Experience assessing cloud environments and identifying security weaknesses, misconfigurations, or architectural risks
- Extensive hands-on AWS expertise across IAM, VPC, EKS, KMS, Secrets Manager, CloudTrail, S3, logging, networking, and access controls
- Proven Kubernetes security experience including RBAC, service accounts, workload identities, network policies, and workload isolation
- Experience securing CI/CD pipelines and cloud-native delivery workflows
- Strong understanding of threat modeling and risk-based security assessments
- Experience writing or maintaining security standards, hardening baselines, reference architectures, or security design guidance
- Strong Infrastructure-as-Code fluency, particularly Terraform, with the ability to read and review Helm charts
- Experience partnering with DevOps, SRE, Platform Engineering, or Infrastructure teams
- Ability to operate independently and influence outcomes without formal authority
- Experience within large SaaS, technology, fintech, cloud-native, or highly regulated organizations
- Experience with GitHub Actions, OIDC federation, secrets management, and deployment protection controls
- Experience operating CNAPP, CSPM, or cloud security posture management platforms beyond dashboard review
- Experience producing ADRs, security design documents, or architecture standards that engineering teams actively use
- Familiarity with AI platform security, agentic workloads, and AI-enabled development practices
- Relevant certifications such as AWS Security Specialty, CCSP, CISSP, CKS, or equivalent
Benefits
- Competitive salary and annual performance bonus
- Stock options
- Comprehensive medical, dental, and vision insurance
- 401(k) retirement plan with company contribution
- Generous paid time off and company holidays
- Dedicated learning time with LinkedIn Learning access
- Wellbeing initiatives and employee assistance programs
- Non-Commissioned Bonus Plans or Variable Commission
- 401(k) plan with employer match
- Medical, Dental & Vision Insurance
- Employee Assistance Program
- Employer Paid Short & Long Term Disability, Life and AD&D Insurance
- Flexible, Open Vacation
- Paid Sick Time Off
- Extended Leave for Life events
- RTD Eco Pass (For local Colorado Employees)
- Career Development Programs
- Stock Option Eligibility
- Employee-led Resource Groups
Company Overview