Cloud Solutions Engineer (Lead)
Hybrid (4 days on-site)
Location: Columbus, OH
Role Responsibilities
• Design, develop, and maintain CIS Benchmark-aligned baseline hardening modules using Puppet (Puppet DSL, Hiera) for Linux distributions (RHEL 8/9, Ubuntu, Amazon Linux, etc.) and Windows Server versions (2019/2022/2025) operating in cloud platforms.
• Design and harden Amazon Machine Images (AMIs), Azure Images, and GCP VM Images using Packer, embedding CIS Benchmarks and organizational security controls directly into the base image.
• Architect, automate, and maintain Packer-based pipelines that build, validate, test, and publish hardened AMIs and base images across multiple environments (dev, prod) with full versioning and governance.
• Harden Kubernetes worker nodes and managed node groups (EKS, AKS, GKE, OpenShift) using CIS controls, image-based baselines, and configuration enforcement workflows.
• Implement continuous compliance and drift detection pipelines using Puppet, custom scripts, and cloud-native tooling (Config, Policy-as-Code frameworks).
• Generate automated compliance, deviation, and audit-ready reports to evaluate adherence to CIS Benchmarks, internal standards, and regulatory frameworks.
• Collaborate with Security and Audit teams to translate policies, CIS controls, and hardening requirements into automated guardrails for cloud workloads and images.
• Maintain and enhance reusable Puppet modules, roles/profiles, and Hiera data structures to support scalable hardening across hybrid and multi-cloud environments.
• Validate hardened images and baseline controls through testing frameworks (integration tests, compliance scans, InSpec or equivalent).
• Own the cloud image lifecycle: image creation, CIS hardening, validation, signing, publishing, rotation, deprecation.
• Maintain expert-level Linux and Windows system administration skills to troubleshoot, validate, and enhance hardened cloud images and configurations.
• Stay current with CIS Benchmark updates, cloud platform hardening recommendations, and evolving industry best practices for image security and baseline governance.
Basic Qualifications
• Bachelor's Degree
• 5 years of experience in cloud OS hardening, configuration management, or cloud security engineering
• Strong Linux and Windows system administration experience
• Strong Puppet development experience (Puppet DSL, Hiera)
Preferred Qualifications
• Experience building or maintaining hardened cloud images using HashiCorp Packer
• Experience publishing AMIs or cloud images through automated pipelines (Jenkins, Azure DevOps Pipelines, Harness, etc.)
• Hands-on experience implementing CIS Benchmarks for Linux, Windows, and Kubernetes
• Kubernetes hardening experience with EKS, AKS, GKE, or OpenShift worker nodes
• Familiarity with cloud-native configuration and compliance services (AWS Config, Azure Policy, GCP Security Command Center)
• Proficiency in scripting (Python, Bash, PowerShell, Groovy, Go)
• Experience generating automated compliance/audit evidence for regulated environments (PCI, SOX, FFIEC, ISO, etc.)
• Understanding of cloud networking, identity, logging, and security controls across AWS, Azure, and GCP
• Experience with Git, GitOps practices, and secure pipeline workflows
• Excellent documentation, communication, and analytical skills