Senior Cloud Security Engineer

BeyondTrust
Summary
Join BeyondTrust's security team as a Sr. Cloud Security Engineer specializing in securing FedRAMP environments. You will design, implement, and maintain security controls in cloud infrastructures, ensuring compliance with FedRAMP requirements. Responsibilities include working with compliance teams, managing IAM policies and encryption, supporting ATO processes, and implementing security tools. The ideal candidate possesses extensive experience in cloud security engineering within FedRAMP-compliant environments and a strong understanding of relevant security controls and technologies. This role requires hands-on experience with cloud platforms like AWS GovCloud, Azure Government, or Google Cloud for Government. BeyondTrust fosters a culture of flexibility, trust, and continual learning.
Requirements
- 3-5+ years of cloud security engineering experience in a FedRAMP-compliant environment
- Strong knowledge of AWS GovCloud, Azure Government, or Google Cloud for Government
- Experience with FedRAMP Moderate/High, NIST 800-53, and FISMA security controls
- Hands-on experience with IAM, encryption (KMS, HSMs), VPC security, and SIEM tools
- Proficiency in Terraform, Ansible, or CloudFormation for security automation
- Experience with incident response and forensics in cloud environments
- Strong scripting skills (Python, Bash, PowerShell) for automation
Responsibilities
- Design and implement cloud security architecture in compliance with FedRAMP Moderate/High and NIST 800-53 controls
- Maintain and enhance security monitoring, logging, and incident response capabilities for cloud environments (AWS, Azure, GCP)
- Work closely with compliance teams to ensure continuous monitoring and audit readiness for FedRAMP-authorized environments
- Deploy and manage IAM policies, encryption standards, and secure configurations aligned with FedRAMP security baselines
- Support continuous ATO (Authorization to Operate) processes, including vulnerability management, SSP (System Security Plan) updates, and security assessments
- Implement and maintain SIEM, endpoint protection, and cloud security posture management (CSPM) tools
- Collaborate with DevOps, engineering, and risk teams to embed security in CI/CD pipelines and infrastructure as code (IaC)
- Conduct cloud security risk assessments, penetration testing, and remediation of security findings