Job Description Cloud Security SME
Role Overview
WK is seeking a highly skilled Cloud Security Subject Matter Expert (SME)with deep hands-on experience across AWS and Azure. The Cloud Security SME will lead security architecture reviews, identify and remediate misconfigurations, and guide engineering teams in building secure-by-design cloud environments. This role requires strong technical leadership, the ability to challenge architects constructively, and the capability to solve complex security issues independently.
Key Responsibilities
Cloud Security Architecture
- Review, challenge, and strengthen cloud architecture designs across AWS and Azure.
- Provide expert-level guidance on identity, network security, encryption, workload hardening, and Zero Trust principles.
- Ensure alignment with WK security standards, compliance requirements, and industry best practices.
Security Operations & Misconfiguration Remediation
- Identify, troubleshoot, and remediate cloud security misconfigurations in real-time.
- Work hands-on with engineering teams to resolve high-risk findings from CSPM/CNAPP, CIEM, IAM, and logging tools.
- Conduct deep-dive investigations of cloud incidents and support IR/SOC teams as needed.
CIEM, IAM & Access Governance
- Support improvements in Cloud Infrastructure Entitlement Management (CIEM) and Just-In-Time (JIT) access models.
- Assess human and non-human identity access, enforce least privilege, and reduce privilege creep across clouds.
- Enhance controls for MFA, key rotation, secret management, and service account governance.
DevSecOps & Automation
- Integrate security controls into CI/CD pipelines and IaC (Terraform/CloudFormation).
- Partner with DevOps and platform teams to automate guardrails and baseline policies.
- Validate secure configurations for containers, serverless functions, and cloud-native services.
Collaboration & Leadership
- Mentor engineering teams and elevate cloud security knowledge across the organization.
- Lead architecture reviews, technical workshops, and cloud security training sessions.
- Work closely with cross-functional teams, including product engineering, cloud operations, and infrastructure groups.
Required Skills & Experience
- Minimum 10+ years of experiencein cloud security, cloud architecture, or security engineering.
- Strong hands-on expertise in AWS and Azure security tools, IAM models, networking, encryption, logging, and monitoring.
- Proven ability to identify and remediate cloud misconfigurationsquickly and accurately.
- Ability to challenge cloud architectson design decisions with a security-first approach.
- Experience with CIEM, CSPM, CNAPP, secret management, key rotation, and identity governance.
- Familiarity with Terraform, CloudFormation, GitHub, pipelines, and DevSecOps processes.
- Preferred certifications: AWS Security Specialty, Azure Security Engineer, CISSP, CCSP
