Job Description
Develop automated workflows for security finding remediation, ensuring alignment with compliance frameworks (SOC 2, ISO 27001, GDPR).
Drive compliance readiness by implementing audit-friendly security controls and continuous monitoring.
Cloud Access & Identity Security
Define and maintain a secure cloud access elevation procedure, ensuring temporary privilege escalations follow just-in-time (JIT) principles.
Optimize IAM governance with strong enforcement of least privilege policies, automated access reviews, and logging for identity-based events.
Secure CI/CD & Infrastructure as Code (IaC)
Implement and manage CI/CD security controls, including static application security testing (SAST), dependency scanning, and infrastructure-as-code (IaC) security.
Work closely with DevOps teams to embed security into Terraform, Kubernetes, and AWS CloudFormation deployments.
Automate cloud security monitoring and policy enforcement through security-as-code methodologies.
Who You Are
7+ years of experience in Cloud Security Engineering, Security Architecture, or a related field.
Expert in AWS security, including IAM, KMS, VPC security, GuardDuty, SCPs, security groups, and WAF.
Hands-on experience securing cloud-native workloads, containers, and Kubernetes environments.
Strong understanding of zero-trust architectures, cloud IAM governance, AuthN and AuthZ, and cloud security monitoring.
Proven ability to automate security processes with Python, Bash, or Terraform.
Hands-on experience with version control platforms (GitHub, GitLab, Bitbucket, Azure DevOps, etc.).
Deep knowledge of CI/CD security best practices, including SAST, DAST, dependency scanning, and secrets management.
Strong grasp of compliance frameworks (SOC 2, ISO 27001, GDPR, NIS2, PCI, CIS, etc.) and their cloud security requirements.
Working knowledge of Linux OS instances.
Nice to Have
Experience leading threat modeling, cloud security incident response, or forensic investigations.
Knowledge of privileged access management (PAM) solutions for cloud environments.
A portfolio of security research, open-source contributions, or conference presentations.
Why Join Us?
High-impact role: Your work directly secures a global identity and financial network serving millions.
Cutting-edge tech: Work with AWS, blockchain security, zero-knowledge proofs, and cryptographic protocols.
Strong security culture: Security is central to everything we build—not an afterthought.
Growth & autonomy: Lead initiatives, mentor others, and shape the future of security at TFH.
If you’re passionate about cloud security, large-scale systems, and protecting human identity, we’d love to hear from you.
Apply now to help secure the future of digital identity.
By submitting your application, you consent to the processing and internal sharing of your CV within the company, in compliance with the GDPR.
Pay transparency statement (for CA and NY based roles):
The reasonably estimated salary for this role at TFH ranges from $272,000-$310,000 plus a competitive long-term incentive package. Actual compensation is based on factors such as the candidate’s skills, qualifications, and experience. In addition, TFH offers a wide range of best-in-class, comprehensive and inclusive employee benefits for this role, including healthcare, dental, vision, 401(k) plan and match, life insurance, flexible time off, commuter benefits, professional development stipend and much more!