Cloud Security Engineer
Description:
Job Title: Cloud Security Engineer
Location: Alpharetta, GA or Columbus, OH or Berkeley Heights, NJ or Frisco, TX
Industry: Financial Services
Job Description:
Theoris Services is assisting our client in their search for a Cloud Security Engineer to add to their growing team. Our client is seeking someone who possess a strong technical background in systems administration, cloud computing, and infrastructure as code, with a particular focus on solution engineering/site reliability. This role will involve collaborating with cross-functional teams to enhance their security posture and streamline processes through automation.
Responsibilities:
Managing and operating HashiCorp Vault in production: Configuring and maintaining auth methods, dynamic secrets engines, Transit Engine for encryption, HCL policies, namespaces, and high availability/disaster recovery (HA/DR) setups. Integrating Vault with CI/CD pipelines for secrets management. Handling real operational tasks like secret rotation, troubleshooting access issues, or expanding Vault usage across teams.
Writing automation scripts and tools: Using Python, Bash (and possibly Go/Ruby) to automate security-related cloud tasks, such as enforcing policies, extracting audit data, remediating misconfigurations, building custom security tooling, or orchestrating operational workflows (e.g., automated compliance checks or incident response scripts).
Developing and maintaining Infrastructure as Code with Terraform: Designing modular Terraform codebases, managing multi-environment deployments (dev/staging/prod), handling remote state securely, implementing policy-as-code (e.g., Sentinel or OPA), and following secure IaC best practices. Applying changes via pull requests, reviewing IaC for security risks, and automating infrastructure provisioning with embedded security controls (e.g., least-privilege IAM roles, encrypted resources).
Configuring and hardening cloud platforms (mainly AWS): Working hands-on with services like EC2, IAM (roles/policies), VPC networking, S3 bucket policies/encryption, KMS keys, AWS Config rules, CloudTrail logging, and multi-account governance/landing zones. Implementing security controls, troubleshooting access/network issues, and ensuring secure configurations across accounts.
Supporting containerized environments (Docker + Kubernetes): Troubleshooting pod-level issues, configuring RBAC, liveness/readiness probes, Ingress controllers, network policies, and overall cluster security posture. Collaborating on secure container deployments and runtime protections.
Managing CI/CD pipelines with a security focus: Working with tools like Jenkins, GitLab CI, or GitOps workflows to integrate security scanning, automated compliance gates, secrets injection (often from Vault), and secure deployment practices into developer pipelines.
Unix/Linux systems administration and debugging: Performing OS-level troubleshooting, analyzing kernel events, process management, I/O performance issues, and low-level debugging in cloud instances or Kubernetes nodes when security/reliability incidents arise.
Collaborating cross-functionally and reducing toil: Partnering with development, DevOps/SRE, and other security teams to embed security into processes, automate repetitive tasks, review designs for security risks, participate in incident response/post-mortems, and improve overall security posture through automation and reliable systems.
On-call and incident response (SRE-style): Participating in rotations to handle production security/reliability incidents, such as misconfigurations causing outages, unauthorized access attempts, or Vault-related failures, while focusing on automation to prevent recurrence.
Requirements:
Hands-on experience with HashiCorp Vault - Practical experience configuring auth methods, dynamic secrets, Transit Engine, policies (HCL), namespaces, HA/DR design, and CI/CD integration. Must demonstrate real operational use, not familiarity.
Strong programming and scripting skills (Python, Bash) - Automation of cloud tasks, pipelines, security tooling, data extraction, policy enforcement, and operational workflows.
Infrastructure-as-Code expertise (Terraform) - Modular Terraform design, multi-environment patterns, remote state, versioning, policy-as-code, and secure IaC practices.
Cloud platform proficiency (Priority AWS/Azure/GCP) - Hands-on with EC2, IAM, VPC, S3, KMS, Config, CloudTrail, networking, and multi-account governance; Azure/GCP familiarity is beneficial.
Unix/Linux sys admin background -Troubleshooting/sys performance, I/O, kernel events, processes and OS level debugging
Containerization and orchestration (Docker and Kubernetes) - Pod troubleshooting RBAC, probes, ingress, cluster knowledge
CI/CD pipeline management - Jenkins, GitLab, CI, Gitops
Programming and Scripting - Strong proficiency in languages like Python, Go, Bash, or Ruby. SREs often need to write automation scripts and build tooling.
Best-In-Class-Benefits:
We are in the people business; treating people right is our ONLY priority. Theoris Services consultants are full-time employees with full benefits, including:
Robust Health Insurance
401(k) plan
About Theoris:
Our goal is to Fuel Your Career! As a Theoris team member, you join a culture based on people-centered values and an environment that fosters both personal and professional growth. We build long-term relationships with our clients and our consultants. With over 30 years of building strong relationships in the industry, we're uniquely positioned to make the right connections. This knowledge is used to find the right job placement. Our recruiting teams are experts dedicated to the information technology and engineering staffing space and are highly respected by our client base.