Senior Cloud Security Engineer

Job DescriptionAbout the RoleWe're seeking a Senior Cloud Security Engineer to join our Product Security team’s Cloud Infrastructure Security wing, where you'll play a critical role in building and maintaining security infrastructure that prevents issues before they become incidents. Working closely with our leads across Qualys, you'll design and implement security controls, automation, and policies that protect our cloud-native products at scale. What You'll Do Cloud Security EngineeringReview security controls for Kubernetes environments across multiple clustersDevelop and optimize Infrastructure as Code (IaC) security patterns using tools like HELM, Terraform and CloudFormationBuild and enforce Policy as Code frameworks to ensure consistent security posture across cloud platformsCreate and maintain security policies for Platform-as-a-Service (PaaS) offeringsConduct security reviews of cloud architecture as well as services, recommend hardening measures, and drive adoption through IaC and PaC. Cloud Security Posture Management (CSPM)Write/ create appropriate security policiesReview the CSPM findings and work with appropriate stakeholders to get the findings remediated. Process AutomationDevelop automation solutions to streamline security workflows and eliminate manual security tasksBuild security tooling and integrations that enable product teams to shift security leftCreate automated compliance checks and remediation workflowsImplement security testing automation within CI/CD pipelinesDesign self-service security capabilities that empower engineering teams Security AnalysisPerform in-depth security assessments of applications, infrastructure, and cloud environmentsAnalyze security telemetry and metrics to identify trends and potential vulnerabilitiesInvestigate security findings and provide detailed remediation guidanceEvaluate emerging security technologies and recommend adoption strategies.What You Bring Required:5+ years of experience in security engineering, with significant focus on cloud securityExperience in managing/ writing policies in any of the industry leading CSPM platform with proficiency in Policy as Code frameworks (OPA/Rego, Sentinel, or similar)Deep understanding of the cloud services and workloads security.Hands-on experience with major cloud platforms (AWS, Azure, or GCP)Strong experience with Infrastructure as Code tools like HELM and security best practicesDeep expertise in Kubernetes security (RBAC, network policies, pod security, admission controllers)Programming/scripting skills in Python, Go, or similar languages for automationStrong understanding of container security and orchestrationExperience with security automation and DevSecOps practicesExcellent problem-solving skills and ability to work independently Preferred:Experience with Qualys’s Total Cloud platformExperience with REGO, PythonExperience with TerraformExperience with security scanning tools (SAST, DAST, SCA, container scanning)Knowledge of compliance frameworks (SOC 2, ISO 27001, PCI DSS)Contributions to open-source security projectsRelevant security certifications (CCSP, CCSK, CKS, or equivalent)Experience in product security or application security role. Why Join UsYou'll be part of a team that operates at the intersection of security, engineering, and product development. We believe in preventing problems before they occur through smart automation, robust architecture, and proactive security practices. You'll have the opportunity to work with cutting-edge cloud technologies while making a tangible impact on product security at Qualys

Apply Now