Cloud Security Engineer (AWS & GCP)

Tyto Athene • Full-time • Remote • $110k - $140k / year • 1w ago

Description

Tyto Athene is hiring a Cloud Security Engineer (AWS & GCP) to join our team of cloud, security, and compliance experts. This role is primarily focused on daytoday security engineering, including system hardening, vulnerability remediation, cloud operations, and security tool management across AWS & GCP environments.

In addition to regular businesshours responsibilities, engineersparticipatein a structured afterhours 24oncall rotation (primary or backup) to support response to incidents, alerts, and escalations for customersoperatingunder FedRAMP, FISMA, and NIST 80053 frameworks.

Responsibilities:

Perform systems administration and maintenance including patching, vulnerabilityscanning,compliance scanning and remediation,backups, and recovery for cloud workloads.
Support AWS & GCP environments, including Windows and Linux virtual machines, container workloads, and cloud services such as EC2, EBS, S3, RDS, WorkSpaces (AWS), Compute Engine, Cloud Storage, Cloud SQL (GCP), and Active Directory or equivalent identity services.
Configure, update, andmaintainsecurity tools for endpoint protection, log collection, vulnerability scanning, and compliance monitoring.
Troubleshoot issues across network, compute, application, and identity layers by reviewing logs, collecting data, and analyzing system behavior.
Implement hardening and compliance controls using CIS Benchmarks, DISA STIGs, and FedRAMP requirements.
Remediate vulnerabilitiesidentifiedby tools such as Tenable,Trivy,OpenSCAP,Anchore,Twistlock, and others.
Provide quality assurance feedback during system deployments to ensure architecture meets compliance and operational requirements.
Collaborate with Security Analysts to ensure uninterrupted delivery of security services to customers.
Create andmaintaindocumentation including network diagrams, dataflow diagrams, SOPs, and security tool configuration guides.
Support client communications, deliverables, and issue resolution with strong verbal and written communication skills.
Support and mentor junior engineers as and whenrequired.
AfterHours 24OnCall Rotation:
- Serve as primary or backup oncall engineer during assigned rotation.
- Respond to afterhours security alerts, infrastructure incidents, outages, andConMonevents.
- Perform initial triage, containment, and stabilization using established runbooks.
- Investigate and respond to alerts generated.
- Escalate complex issues to senior engineers, architects, or compliance teams.
- Document incidents, actions taken, and recommended improvements.
- Contribute to automation improvements and runbook enhancements.

Qualifications

Required:

Six (6) or more years of IT engineering and/or cybersecurity experience, with at least three (3) years working in a dedicated cloud security engineering or similar position.
Handson experience with both AWS and Google Cloud Platform (GCP).
Ability to diagnose and resolve issues across Linux and Windows systems, network infrastructure, and cloud services.
General systems administration and vulnerability management experience, including system patching and hardening, identity and access management (IAM), and related tasks.
Experience working in a DevSecOps environment, integrating security practices into cloud and infrastructure workflows.
Familiarity with ITSM ticketing systems such as Gitlab (preferred), Jira, ServiceNow, etc.
Ability to work independently during both business hours and oncall periods.
Strong written and verbal communication skills for customer interaction and incident documentation.
Handson experience with one or more of the following tools:
- Splunk Enterprise
- Tenable Security Center/Nessus
- Invicti/Acunetix
- Appgate
- Okta
- GitLab
- Palo Alto Networks Firewalls
- TrendMicro Deep Security
- Trivy
- Anchore
- Terraform
- CloudFormation
- Ansible

Desired:

Bachelor's Degree in Computer Science or other relevant field.
Experience supporting federal/government-facing customers or consulting engagements, ensuring compliance and operational requirements.
Experience with FedRAMP, FISMA, or NIST 80053 compliance frameworks.
Prior oncall, SRE, SOC, or incident response experience.
Relevant AWS or Google Cloud Platform certifications.
Security+ or other relevant industry security certification.
Experience with infrastructureascode or automation tooling.
Experience with Kubernetes is highly desirable.

Location:

Remote (US)

Clearance:

Must be a US Citizen with the ability to obtain a security clearance

Compensation:

Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $110,000-$140,000This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.