[Remote] Senior Cloud Security Engineer

Note: The job is a remote job and is open to candidates in USA. Benchmark Analytics is dedicated to transforming policing through data science and machine learning, providing an evidence-based early intervention system for law enforcement agencies. They are seeking a Senior Cloud Security Engineer to enhance platform reliability and security, integrating security practices into the engineering lifecycle and maintaining a secure AWS environment.

Responsibilities

• Design, build, and maintain secure AWS infrastructure across standard and GovCloud environments
• Own infrastructure-as-code (Terraform / OpenTofu) with a security-first mindset
• Manage IAM strategy, least-privilege access controls, and cloud security posture
• Own application observability and monitoring — instrumentation, dashboards, and alerting across infrastructure and application layers so issues surface before customers do
• Operate and evolve our EKS-based platform including node lifecycle, workload isolation, and cluster security
• Implement and maintain admission control, network policies, and runtime security tooling
• Partner with engineering teams on deployment patterns and container security
• Build and maintain secure, automated deployment pipelines (GitHub Actions)
• Integrate SAST, dependency scanning, secrets detection, and container image scanning into the SDLC
• Drive shift-left security practices across the engineering organization
• Maintain and improve security controls aligned to CJIS Security Policy and SOC 2 Trust Services Criteria
• Triage or resolve security alerts by working with engineering teams and/or committing code yourself
• Manage vulnerability management workflows, prioritization, and remediation tracking
• Support audit preparation, evidence collection, and control documentation
• Monitor for threats and respond to security findings across cloud, application, and endpoint layers
• Enforce and maintain software supply chain security across the organization
• Serve as an on-call responder for infrastructure and security incidents
• Drive post-incident reviews and own follow-up remediation items
• Develop and refine runbooks, alerting, and on-call procedures
• Identify and implement automation opportunities that reduce manual operational toil
• Contribute to AI-assisted operations initiatives, including agentic workflows and observability improvements
• Build and maintain an internal Agentic-based software factory platform to accelerate organization-wide agentic coding
• Apply security controls to AI tooling and LLM-integrated systems as they are introduced
• Build and maintain self-service infrastructure tooling that lets engineering teams ship securely without waiting on Infrastructure & Security teams
• Create paved-path templates, modules, and golden pipelines that make the secure path the easy path
• Improve the developer experience by identifying problems and automating, improving, and accelerating developers’ workflows through custom internal platform solutions
• Provide internal documentation, office hours, and enablement sessions to level up engineering teams on cloud, security, and platform best practices

Skills

• 5–8 years of experience in DevOps, DevSecOps, SRE, Cloud Engineering, or Platform Engineering roles
• Strong hands-on AWS cloud infrastructure experience: EC2, EKS, IAM, VPC, S3, and related services
• Production Kubernetes experience including cluster operations and workload security
• Experience building and maintaining CI/CD pipelines with integrated security tooling
• Working knowledge of SOC 2 or similar compliance frameworks and their operational implications
• Infrastructure-as-code fluency with Terraform or OpenTofu
• Strong incident response skills: you've been in the hot seat and know how to stay calm and methodical
• Able to receive and respond constructively to feedback, and collaborate well with team members
• Excellent written communication: you can document a runbook, write a post-mortem, and explain a technical risk to a non-technical stakeholder
• Bachelor's degree in Computer Science or equivalent professional experience
• Experience with CJIS Security Policy or other criminal justice / government data frameworks
• AWS GovCloud experience
• Familiarity with agentic AI workflows or LLM security considerations
• Experience with observability platforms (Datadog, OpenTelemetry, or similar)
• Contributions to security tooling, automation frameworks, or open-source projects
• Experience working in an early-to-growth-stage startup environment

Benefits

• Unlimited Paid Time Off.
• Ability to work in a fully remote environment  (must be based in the U.S. and willing to work in Central Time Zone).
• Summer Half-Day Fridays.
• Freed Up Fridays during Spring, Fall, and Winter months to promote productivity and dedicated heads-down work time.
• Medical, dental, and vision plan offerings along with 401(k).
• Employer-paid Short-Term Disability, Long-Term Disability, and Life Insurance.
• Other Voluntary Benefits include additional Life Insurance, Spouse Life Insurance, and Accident Insurance.

Company Overview