Overview
As an AWS Security Platform Engineer, you will play a pivotal role in shaping and securing a large-scale AWS environment for a major enterprise organization. This hands-on engineering position focuses on designing and implementing AWS-native security controls and services, collaborating closely with various teams including Platform, Cloud, DevOps, and Engineering to ensure a secure environment that supports rapid deployment and efficiency.
Responsibilities
- Design and operate AWS security services including GuardDuty, Security Hub, IAM, KMS, CloudTrail, and WAF.
- Build and maintain AWS Landing Zone guardrails and security controls.
- Implement IAM best practices including least privilege and cross-account access.
- Automate security controls using Terraform, CloudFormation, Lambda, and CI/CD pipelines.
- Monitor AWS environments for threats, vulnerabilities, and misconfigurations.
- Embed security into cloud engineering and deployment pipelines.
- Support incident response and remediation across AWS workloads.
- Produce security standards, patterns, and documentation.
Requirements
- Strong hands-on AWS security engineering experience.
- Experience implementing AWS-native security tooling and controls.
- Strong knowledge of IAM, SCPs, permission boundaries, and AWS identity patterns.
- Experience with AWS Landing Zones and multi-account AWS environments.
- Strong Infrastructure as Code experience with Terraform and/or CloudFormation.
- Experience embedding security into CI/CD and DevOps workflows.
- Ability to automate security processes and controls.
- Strong understanding of cloud security best practices and risk mitigation.