Cloud Security Engineer

Lynx are looking for a Cloud Security Engineer who can design, automate, and enforce cloud controls at scale. If you enjoy building policy-as-code frameworks, enabling shift-left security, and strengthening cloud governance across complex environments, this role is for you.

The Role

You'll own the design and implementation of organization-wide cloud controls across AWS and Azure. You'll work closely with DevOps, Security, Risk, and Compliance teams to embed secure-by-default practices and ensure continuous adherence to security and regulatory requirements. This is a hands-on engineering role where you'll build automation, develop policy frameworks, and help teams remediate issues efficiently.

Key Responsibilities

• Design, implement, and manage organization-wide cloud controls using Azure Policies, AWS Organizations, SCPs, Config Rules, and Cloud Custodian

• Architect and enforce Zero Trust and least-privilege models (RBAC, PBAC), region restrictions, and platform security controls

• Collaborate with DevOps/Cybersecurity teams to resolve non-compliant cloud resources

• Monitor control effectiveness and drive continuous improvement of cloud governance

• Provide technical leadership and mentor teams on cloud policy best practices

• Work with risk, compliance, and audit teams to produce control evidence

• Implement and manage CNAP policies using Wiz for posture assessment and remediation

• Embed security early by integrating vulnerability scanning, IaC policy enforcement, and compliance checks into GitLab CI/CD

• Develop policy-as-code frameworks using OPA/Rego to prevent misconfigurations pre-deployment

• Integrate security controls into Terraform and other IaC workflows

• Champion shift-left practices-enabling developers to self-remediate issues during build and coding stages

• Build SOAR playbooks to automate response and remediation workflows

Experience Requirements

• 3+ years in Cybersecurity and CNAP-focused roles

• Deep AWS security expertise: IAM, Organizations, SCPs, cloud security architecture

• Hands-on experience with Cloud Custodian or similar policy automation tools

• Proficiency with Terraform or AWS CloudFormation

• Strong understanding of cloud compliance frameworks (CIS, NIST, ISO, etc.)

• Expertise in OPA/Rego for policy-as-code

• Experience with Wiz CNAP for cloud security posture management

• Advanced Python Scripting for automation and remediation workflows

• Experience driving DevSecOps automation and shift-left security adoption

• Strong collaboration skills across engineering and CISO/leadership teams