Senior Cloud Security Engineer
At Semperis, our mission is to be a Force for Good. Starting with being a great place to work. We believe that when people feel valued, supported, and empowered, they do their best work. That’s why we focus on creating an employee experience rooted in purpose, growth, and balance. Semperis has been recognized as one of America’s Fastest-Growing Cybersecurity Companies by the Inc. 5000, a DUNS 100 Top Startup to Work For, and a multi-year Inc. Best Workplace awardee.
What We Are Looking For
As we continue to scale our cloud footprint and regulated offerings, we are expanding our Cloud Security team with a Senior Cloud Security Engineer who thrives at the intersection of cloud platforms, security engineering, networking, and automation.
We are looking for a Senior Cloud Security Engineer to help build secure-by-default cloud platforms across Azure and AWS. This is an engineering-focused role centered on preventive controls, scalable guardrails, Kubernetes security, network security, and automation, not a SOC or incident-response-first position.
Primary focus areas: cloud security guardrails, Kubernetes security, cloud network controls, and automation across Azure and AWS
What You Will Do
·You will own the security architecture, guardrails, and automation patterns, while partnering with platform and infrastructure teams on implementation.
Own and evolve Cloud Security Posture Management (CSPM) capabilities, including policies, guardrails, and automated remediation.
Engineer and maintain cloud network security controls, including network segmentation and isolation, cloud-native firewalls and security groups, Application Gateway / WAF configurations, and secure ingress and egress patterns.
Define and enforce security best practices for Kubernetes environments (AKS/EKS), including RBAC, network policies, workload isolation, and cluster hardening.
Partner with engineering teams on architecture reviews for new services, platforms, and major changes, helping teams design secure, compliant, and practical solutions.
Engineer and maintain identity and access security controls for cloud and production environments, including least privilege, workload identity, service principals, and conditional access.
Apply a security lens to FinOps, defining guardrails that balance cost optimization with security and compliance.
Develop tooling, automation, and self-service workflows that reduce manual effort and improve consistency across security programs.
Communicate complex security risks and technical recommendations clearly to engineering teams, leadership, and cross-functional stakeholders.
Mentor junior engineers and contribute to raising the overall security maturity of the organization.
What You Will Bring (Required)
6+ years of experience in cloud security, security engineering, or cloud platform engineering roles.
Deep hands-on security experience in Azure or AWS is required; experience across both is strongly preferred.
Hands-on experience securing production AKS/EKS environments, including RBAC, network policies, workload identity, admission controls, image/runtime controls, and cluster hardening.
Proven experience with cloud network security, including firewalls, WAFs, network segmentation, and secure connectivity patterns.
Strong understanding of cloud security architecture, including shared responsibility models, secure service design, and defense-in-depth.
Experience with preventative security controls, including CSPM, policy enforcement, and secure cloud baselines.
Cloud automation experience using Infrastructure as Code tools such as Terraform, Bicep, or CloudFormation, plus scripting with Python, PowerShell, Bash, or similar languages.
Ability to operate independently, own complex problem spaces, and deliver practical, scalable solutions.
Strong communication skills and comfort providing architecture-level guidance to engineering teams.
·Experience working in regulated environments
Bonus Points
Experience contributing to or supporting compliance programs such as FedRAMP, SOC 2, ISO 27001, or NIST frameworks.
Familiarity with CI/CD pipelines and DevSecOps practices.
Experience with identity and access management in cloud environments (RBAC, workload identity, service principals) is a strong plus.
What Success Looks Like
• Secure by default cloud patterns are documented, automated, and adopted by engineering teams.
• CSPM findings are prioritized, routed, and remediated through repeatable workflows.
• Kubernetes and cloud network controls are consistently implemented across production environments.
• Engineering teams receive practical security guidance early in design, not after deployment.
Why Join Semperis?
You’ll be part of a global team on the front lines of cybersecurity innovation. At Semperis, we celebrate curiosity, integrity, and people who take initiative. If you’re someone who sees the glass as half full, embraces challenges as growth opportunities, and values a healthy balance between work and life—we’d love to meet you.
**Semperis maintains office locations in several cities across the globe. Where the job description specifies a required location, candidates will follow our hybrid work model. This includes working up to three days per week and remotely the remaining days.