Lead Cloud Security Engineer

Role: Lead Cloud Security Engineer
Location: Houston, TX (Hybrid – 4 days onsite and 1 day remote)
Duration: Fulltime

Lead Cloud Security Engineer
The ideal candidate will bring a robust understanding of cloud security frameworks and compliance requirements and proven hands-on experience realizing security outcomes with cloud-native security tools and automation. You will be responsible for designing, implementing, and maintaining well-engineered preventive and remediation cloud security guardrails and processes, collaborating with decentralized development and operations teams. The candidate is expected to have AWS and/or Azure cloud security engineering expertise.
Key Outcomes
Cloud security engineering focuses on building secure, scalable, and resilient cloud architectures. Key security outcomes for cloud security engineering include:
Strengthened Access Control: Ensure only authorized users, systems, and services can access cloud resources.
Resilient Cloud Infrastructure: Design security frameworks that help cloud environments withstand and recover from attacks.
Data Protection & Compliance: Safeguard sensitive data in transit and at rest, meeting regulatory requirements (GDPR, HIPAA, etc.).
Proactive Threat Detection & Response: Detect and mitigate threats before they escalate.
DevSecOps Integration: Embed security into every stage of the software development lifecycle.
Compliance & Governance: Ensure adherence to legal and organizational security standards.
Incident Response: Minimize the impact of security incidents with well-defined response processes.
Reduced Attack Surface: Eliminate vulnerabilities through rigorous security assessments and proactive measures.
Key Responsibilities
Detect, Prevent, Remediate
* Identify and assess security risks, communicate potential threats to stakeholders, and implement effective remediation strategies.
* Design, implement, and maintain preventive and remediation controls across AWS and Azure.
* Apply and enforce industry-standard security frameworks, including CIS Benchmarks, AWS Foundational Security Best Practices (FSBP), and MS Cloud Security Benchmark (MCSB).
* Track and report on the effectiveness of AWS/Azure detective controls and other 3rd parties such as Wiz.
Security Engineering Process
* Develop processes and cloud policies/standards, ensuring proactive and efficient response to threats.
* Assist internal teams to integrate security into CI/CD pipelines and workflows.
* Contribute to the development of security automation and security posture improvements.
Compliance Management
* Conduct security audits, manage cloud security documentation, and ensure ongoing compliance with industry regulations (GDPR, HIPAA, etc.).
Collaboration and Training
* Work closely with cross-functional teams, including developers, architects, and operations, to implement and monitor security practices.
* Empower internal teams by leading training sessions and workshops on AWS and Azure security best practices.
Continuous Improvement
* Continuously evaluate emerging cloud security trends, integrating innovative solutions to enhance the organization’s security posture.
Required Qualifications
Technical Expertise
* Strong experience in AWS and/or Azure security services and frameworks.
* Hands-on experience with tools like AWS security services (IAM, Security Hub, GuardDuty, CloudTrail, CloudWatch, Config, and Automated Security Remediation) and/or Azure security services (Entra ID, Cloud Defender).
* Experience in securing containers and Kubernetes configurations.
* Proficiency in network security, including securing virtual networks, firewalls and governance, and subnets.
* Proven experience securing cloud infrastructure, including IaaS resource patching and container image scanning.
* Experience with 3rd party remediation software such as Cloud Custodian, Stacklet.
* Demonstrated ability to secure and manage hybrid cloud environments.
Automation and Development
* Proficient in scripting and automation using Python, Terraform, and Azure/Functions or AWS/Lambda.
* Experience with Infrastructure as Code (IaC) tools such as Terraform.
* Develop and implement policy-as-code solutions using tools such as GitHub Copilot and AWS Code Whisperer.
Compliance Knowledge
* Experience ensuring compliance with GDPR, HIPAA, and cloud security frameworks such as CIS, AWS/FSBP, and MS/MCSB.
DevSecOps Practices
* Proven expertise embedding security controls within DevOps workflows, CI/CD pipelines, and cloud-native development processes.
* Skills with GitHub/Azure-DevOps, PowerShell, Bash, AWS/Azure CLI.
* Familiarity with container security in AWS/Azure environments
Preferred Certifications (Highly Valued but Not Required)
* AWS Certified Security – Specialty.
* AWS Certified DevOps Engineer – Professional.
* MS Certified: Azure Security Engineer Associate.
* MS Certified: DevOps Engineer Expert.
* CISSP, CCSP, or equivalent industry certifications.
Soft Skills
* Strong analytical mindset with the ability to assess complex security challenges and drive innovative solutions.
* Ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
* Ability to work collaboratively in a federated operating model.
* Continuous learning mindset to keep up with emerging technologies

Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian’s platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.

Dexian’s brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit https://dexian.com/ to learn more.

Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.