Senior Cloud Security Engineer (AWS)
This role partners with internal project teams to maintain strong privacy and security standards for products. Acting as a key liaison, it works closely with engineering, quality, and regulatory teams while overseeing members of the cybersecurity function.
Core Responsibilities
* Serve as the primary representative for the Cybersecurity and Privacy team.
* Lead cross-functional efforts to deliver all technical aspects of product cybersecurity initiatives, acting as the cybersecurity “Product Owner.”
* Safeguard the confidentiality, integrity, and availability of cloud-based products and solutions.
* Drive implementation of “Privacy and Security by Design and Default” principles across assigned projects.
* Collaborate with development teams to embed cybersecurity and privacy into product architecture.
* Provide subject matter expertise during risk assessments, including:
* Threat management processes
* Ongoing technical analysis and monitoring of security signals
* Manage customer-facing cybersecurity and privacy assurance activities, including:
* Product labeling
* Responding to security inquiries
* Handling complaints and vulnerability reports
* Delivering consistent guidance to internal teams and clients
* Lead investigations of cybersecurity and privacy-related incidents for assigned projects.
Required Qualifications
* 10+ years of experience in cybersecurity and privacy compliance
* 5–10 years of cloud security experience (AWS preferred)
* 5 years leading product cybersecurity projects and risk management
* Expertise in defense-in-depth strategies, security technologies, regulatory compliance, and incident response
* Familiarity with industry standards (ISO 2700x, NIST 800 series) and regulatory frameworks (FDA guidelines, HIPAA, GDPR, ISO 13485, ISO 14971, ISO 27001/27017/27018, ISO 30111, AAMI TIR 57, etc.)
* Experience implementing secure software development lifecycle (SDLC) practices
* Strong knowledge of:
* Operating system hardening (Windows/Linux)
* Network and web server security
* Database security
* Cloud architecture and security best practices (AWS preferred)
* Professional certifications such as CISSP, CISM, CISA, Security+, or equivalent