Lead Cloud Security Engineer

Job Description

About the Role We're seeking a Lead Cloud Security Engineer to join our Product Security team’s Cloud Infrastructure Security wing, where you'll play a critical role in building and maintaining security infrastructure that prevents issues before they become incidents. Working closely with our leads across Qualys, you'll design and implement security controls, automation, and policies that protect our cloud-native products at scale.

What You'll Do Cloud Security Engineering Design, implement, and maintain security controls for Kubernetes environments across multiple clusters Develop and optimize Infrastructure as Code (IaC) security patterns using tools like Terraform and CloudFormation Build and enforce Policy as Code frameworks to ensure consistent security posture across cloud platforms Create and maintain security policies for Platform-as-a-Service (PaaS) offerings Conduct security reviews of cloud architecture as well as services, recommend hardening measures, and drive adoption through IaC and PaC. Cloud Security Posture Management (CSPM) Write/ create appropriate security policies Review the CSPM findings and work with appropriate stakeholders to get the findings remediated. Quarterly posture assessment presentation with the stakeholders Process Automation Develop automation solutions to streamline security workflows and eliminate manual security tasks Build security tooling and integrations that enable product teams to shift security left Create automated compliance checks and remediation workflows Implement security testing automation within CI/CD pipelines Design self-service security capabilities that empower engineering teams Security Analysis Perform in-depth security assessments of applications, infrastructure, and cloud environments Analyze security telemetry and metrics to identify trends and potential vulnerabilities Investigate security findings and provide detailed remediation guidance Conduct threat modeling for new features and architecture changes Evaluate emerging security technologies and recommend adoption strategies

What You Bring

Required: 7+ years of experience in security engineering, with significant focus on cloud security Experience in managing/ writing policies in any of the industry leading CSPM platform Proficiency in Policy as Code frameworks (OPA/Rego, Sentinel, or similar) Deep understanding of the cloud services and workloads security. Hands-on experience with major cloud platforms (AWS, Azure, or GCP) Strong experience with Infrastructure as Code tools like HELM and security best practices Deep expertise in Kubernetes security (RBAC, network policies, pod security, admission controllers) Programming/scripting skills in Python, Go, or similar languages for automation Strong understanding of container security and orchestration Experience with security automation and DevSecOps practices Excellent problem-solving skills and ability to work independently