Cloud Security Automation Engineer

Summary

Join GuidePoint Security as an experienced Cloud Security Automation Engineer and become a key member of our consulting team. In this client-facing role, you will collaborate with diverse organizations to fortify their cloud-native workloads, focusing on Kubernetes environments. Leverage your expertise in Policy as Code, Infrastructure as Code (IaC), secrets management, and CI/CD platforms to build secure and automated cloud infrastructures. You will design, implement, and provide guidance on securing Kubernetes clusters, advise on security policies, and assist in implementing secrets management solutions. Furthermore, you will integrate security controls into CI/CD processes and guide clients in securing cloud-native services. This role requires strong client communication and collaboration skills.

Requirements

• Proven experience in consulting or a similar role, with a focus on securing cloud-native environments, particularly Kubernetes
• Proficiency in Policy as Code tools (e.g., Open Policy Agent, Kyverno, HashiCorp Sentinel) and experience guiding clients in their implementation
• Expertise in Infrastructure as Code (IaC) tools like Terraform, CDKTF, AWS CloudFormation, AWS CDK, Bicep, or Azure Resource Manager (ARM)
• Strong knowledge of secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager, Akeyless, Azure KeyVault) and the ability to guide clients through the implementation process
• Experience with CI/CD & GitOps platforms and integrating security into DevOps & GitOps processes (e.g., Jenkins, GitHub Actions, GitLab CI, ArgoCD, Harness, ADO)
• Solid understanding of cloud platforms (AWS, Azure, GCP, or OCI) and their native security services
• Excellent client-facing communication and presentation skills, with the ability to work collaboratively in diverse environments
• Experience with scripting and automation (e.g., Python, Bash, PowerShell) to support client engagements

Responsibilities

• Collaborate with clients to understand their cloud security needs, assess current environments, and provide expert guidance on securing cloud-native and multi-cloud workloads
• Design, implement, and provide guidance on securing Kubernetes clusters for clients, including best practices in cluster hardening, network policies, RBAC, and runtime security
• Advise clients on developing and enforcing security policies using tools like OPA (Open Policy Agent), HashiCorp Sentinel, or other Policy as Code solutions to maintain compliance across their cloud environments
• Work with clients to secure their IaC deployments using tools such as Terraform, CloudFormation, or Bicep templates, ensuring security best practices are followed
• Assist clients in implementing and automating secrets management solutions using tools like HashiCorp Vault, AWS Secrets Manager, or Kubernetes Secrets
• Collaborate with clients' DevOps teams to integrate security controls into their CI/CD processes, leveraging tools like Jenkins, GitHub Actions, GitLab CI, and other automation platforms
• Guide clients in securing various cloud-native services, including serverless functions, containers, and managed cloud services using best-in-class security tools and practices
• Help clients implement monitoring and logging solutions for cloud security events and automate threat detection and response using SIEM tools and cloud-native services
• Educate clients' teams on cloud security best practices, secure automation techniques, and security-as-code methodologies
• Develop scripts, tools, and playbooks to assist clients in automating repetitive security tasks, ensuring consistent enforcement of security controls across cloud environments

Preferred Qualifications

• Kubernetes & Cloud Native Association Certifications: Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator. (CKA), Certified Kubernetes Application Developer (CKAD), Kubernetes and Cloud Native Associate (KCNA), Kubernetes and Cloud Native Security Associate (KCSA)
• CSP Certifications: AWS Certified Security – Specialty, AWS DevOps Engineer – Professional, AWS Solutions Architect -- Professional and/or Associate, AWS SysOps Administrator – Associate, AWS Developer – Associate, Azure Security Engineer Associate – AZ-500, Azure Developer Associate – AZ-204, Azure DevOps Engineer – AZ-400, Google Cloud Engineer, Google Cloud Architect, Google Cloud Developer, Google Cloud Security Engineer, Google Cloud DevOps Engineer
• HashiCorp Certifications: Terraform Associate, Terraform Authoring and Operations Professional, Vault Associate, Vault Operations Professional, Consul Associate
• Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK)
• Experience with container security tools (e.g., Aqua Security, CNAPPs (Prisma Cloud, Wiz, Crowdstrike), Falco)
• Familiarity with cloud security frameworks (e.g., CIS, NIST, ISO) and the ability to guide clients in adopting them
• Knowledge of DevSecOps practices and experience in integrating security into the software development lifecycle

Benefits

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option