Cloud Security Analyst

About the role

We are seeking a Cloud Security Analyst to join a globally distributed technology team focused on building secure, scalable, and reliable cloud‑based products. In this remote‑first position you will protect cloud infrastructure, applications, and sensitive data while supporting security initiatives across engineering, operations, and business functions.

Key responsibilities

• Design, implement and maintain cloud security controls across infrastructure, applications and development environments.
• Secure cloud‑native application stacks throughout their lifecycle, from development to deployment and operations.
• Integrate security practices into CI/CD pipelines, including static analysis, dynamic testing, dependency scanning, secrets management and IaC security controls.
• Manage and enforce IAM policies using least‑privilege principles.
• Implement and maintain container and Kubernetes security solutions, including image scanning, runtime protection and policy enforcement.
• Monitor cloud environments for threats, investigate alerts and respond to incidents.
• Conduct vulnerability assessments, penetration testing and remediation in partnership with engineering teams.
• Support security incident response, forensic investigations and continuous improvement of runbooks.
• Develop and maintain security documentation, standards, policies and procedures.
• Collaborate with stakeholders on compliance initiatives, audits and risk management.

Required profile

• 5+ years of experience in cloud security, application security or cybersecurity.
• Hands‑on experience securing cloud‑based applications and infrastructure throughout the software development lifecycle.
• Deep knowledge of AWS security services and cloud‑native security architecture principles.
• Solid understanding of secure coding concepts and common application vulnerabilities (e.g., OWASP Top 10).
• Experience integrating security controls into DevOps and CI/CD workflows.

Required skills

• AWS security services
• Cloud security architecture
• CI/CD pipeline security
• SAST, DAST, SCA
• Secrets scanning
• Infrastructure‑as‑Code security testing
• Container security
• Kubernetes security
• IAM and least‑privilege policy management
• Vulnerability assessment tools
• Penetration testing
• Incident response and forensic investigation