Position: Cloud Security Engineer
Location: The position is based in Houston, TX
Employment Type: Full-Time
Job Overview
Are you passionate about securing cloud environments and driving best-in-class security practices? Join our dynamic team at TMHCC, where you’ll play a key role in building a secure and resilient cloud infrastructure!
The ideal candidate will bring a robust understanding of cloud security frameworks, compliance requirements, and proven hands-on experience in realizing security outcomes with cloud-native security tools and automation. You will be responsible for designing, implementing, and maintaining well-engineered preventive and remediation cloud security guardrails and processes, collaborating with decentralized development and operations teams. The candidate is expected to have expertise in AWS and/or Azure cloud security engineering.
The position will be part of the TMHCC Cloud & Platform Services team.
Key Outcomes
Cloud security engineering focuses on building secure, scalable, and resilient cloud architectures. Key security outcomes for cloud security engineering include:
- Strengthened Access Control: Ensure that only authorized users, systems, and services can access cloud resources.
- Resilient Cloud Infrastructure: Design security frameworks that help cloud environments withstand and recover from attacks.
- Data Protection & Compliance: Safeguard sensitive data in transit and at rest, meeting regulatory requirements (GDPR, HIPAA, etc.).
- Proactive Threat Detection & Response: Detect and mitigate threats before they escalate.
- DevSecOps Integration: Embed security into every stage of the software development lifecycle.
- Compliance & Governance: Ensure adherence to legal and organizational security standards.
- Incident Response: Minimize the impact of security incidents with well-defined response processes.
- Reduced Attack Surface: Eliminate vulnerabilities through rigorous security assessments and proactive measures.
Key Responsibilities
Detect, Prevent, Remediate
- Identify and assess security risks, communicate potential threats to stakeholders, and implement effective remediation strategies.
- Design, implement, and maintain preventive and remediation controls across AWS and Azure.
- Apply and enforce industry-standard security frameworks, including CIS Benchmarks, AWS Foundational Security Best Practices (FSBP), and Microsoft Cloud Security Benchmark (MCSB).
- Track and report on the effectiveness of AWS/Azure detective controls and other 3rd parties such as Wiz.
Security Engineering Process
- Develop processes and cloud policies/standards, ensuring proactive and efficient response to threats.
- Assist internal teams to integrate security into CI/CD pipelines and workflows.
- Contribute to the development of security automation and security posture improvements.
Compliance Management
- Conduct security audits, manage cloud security documentation, and ensure ongoing compliance with industry regulations (GDPR, HIPAA, etc.).
Collaboration and Training
- Work closely with cross-functional teams, including developers, architects, and operations, to implement and monitor security practices.
- Empower internal teams by leading training sessions and workshops on AWS and Azure security best practices.
Continuous Improvement
- Continuously evaluate emerging cloud security trends, integrating innovative solutions to enhance the organization's security posture.
Required Qualifications
Technical Expertise
- Strong experience in AWS and/or Azure security services and frameworks.
- Hands-on experience with tools like AWS security services (IAM, Security Hub, GuardDuty, CloudTrail, CloudWatch, Config, and Automated Security Remediation) and/or Azure security services (Entra ID, Cloud Defender).
- Experience in securing containers and Kubernetes configurations.
- Proficiency in network security, including securing virtual networks, firewalls and governance, and subnets.
- Proven experience securing cloud infrastructure, including IaaS resource patching and container image scanning.
- Experience with 3rd party remediation software such as Cloud Custodian, Stacklet.
- Demonstrated ability to secure and manage hybrid cloud environments.
Automation and Development
- Proficient in scripting and automation using Python, Terraform, and Azure/Functions or AWS/Lambda.
- Experience with Infrastructure as Code (IaC) tools such as Terraform.
- Develop and implement policy-as-code solutions using tools such as GitHub Copilot and AWS Code Whisperer.
Compliance Knowledge
- Experience ensuring compliance with GDPR, HIPAA, and cloud security frameworks such as CIS, AWS/FSBP, and Microsoft/MCSB.
DevSecOps Practices
- Proven expertise embedding security controls within DevOps workflows, CI/CD pipelines, and cloud-native development processes.
- Skills with GitHub/Azure-DevOps, PowerShell, Bash, AWS/Azure CLI.
- Familiarity with container security in AWS/Azure environments.
Preferred Certifications (Highly Valued but Not Required)
- AWS Certified Security – Specialty.
- AWS Certified DevOps Engineer - Professional.
- Microsoft Certified: Azure Security Engineer Associate.
- Microsoft Certified: DevOps Engineer Expert.
- CISSP, CCSP, or equivalent industry certifications.
Having one or more of these certifications will give you a competitive edge!
Soft Skills
- Strong analytical mindset with the ability to assess complex security challenges and drive innovative solutions.
- Ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
- Ability to work collaboratively in a federated operating model.
- Continuous learning mindset to keep up with emerging technologies.
Why Join TMHCC?
- Work on cutting-edge cloud security projects in a highly innovative environment.
- Collaborate with a passionate team of security experts.
- Opportunities for professional growth with access to training and industry certifications.
- Competitive salary, benefits, and a strong work-life balance.