Cloud Security Engineer - AWS Focus
⚲ Wrocław, Warszawa, Poznań, Gdańsk, Kraków, Katowice
25 000 - 28 000 PLN net (B2B)
Requirements
- Python
- Amazon ECS
- Terraform
- CI/CD
- IaC
- CloudWatch
- AWS
Job description
Ledgebrook is a tech-enabled E&S MGA on a mission to modernize Specialty insurance. The industry is burdened with legacy technology and inefficient processes, preventing innovation at scale. We are changing that. Our goal is to become the best-in-class full-stack insurance and re/insurer, leveraging AI and data-driven insights to revolutionize underwriting, pricing, and risk selection.
We believe in talent density—fewer, better people working together as one. We win as a team, and our success is shared through generous equity packages for all employees.
We are seeking a Cloud Security Engineer with deep expertise in securing cloud-native environments, with a strong emphasis on AWS services. The ideal candidate will have a solid understanding of cloud infrastructure, DevSecOps practices, and modern security frameworks. You will play a key role in designing and implementing secure architectures, tooling, and practices to protect our cloud infrastructure and workloads.
Key Responsibilities:
• Design, implement, and manage secure AWS cloud architectures, including networking, IAM, and service configurations.
• Develop and enforce cloud security standards, policies, and guardrails across AWS environments.
• Implement automated security controls using tools like Terraform, AWS Config, Security Hub, GuardDuty, and Inspector.
• Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines (DevSecOps).
• Monitor and respond to security events using SIEM and cloud-native logging tools (CloudWatch, CloudTrail, AWS Security Hub, etc.).
• Conduct threat modeling, risk assessments, and security architecture reviews for AWS-based applications and services.
• Maintain and optimize identity and access management across AWS accounts using IAM, SSO, SCPs, and Organizations.
• Manage data protection strategies, including encryption (KMS), DLP, and secure key management.
• Support compliance initiatives (e.g., SOC 2, HIPAA, ISO 27001, or FedRAMP) with evidence collection and policy implementation.
Basic Qualifications:
• 3+ years of experience in a Cloud Security, Security Engineering, or related role.
• Strong knowledge of AWS security services, architectures, and best practices.
• Experience with Infrastructure as Code (IaC) tools such as Terraform or CloudFormation.
• Hands-on experience with cloud monitoring and logging, especially in an AWS context.
• Proficiency in scripting or automation (e.g., Python, Bash, or PowerShell).
• Solid understanding of network security, firewalls, VPC design, and zero-trust principles.
• Familiarity with incident response processes, SIEM platforms, and forensics tools.
• Comfortable working cross-functionally with engineering, IT, and compliance teams.
• Self-starter with a proactive approach to risk identification and mitigation.
• Willingness to participate in an on-call rotation or security incident escalations as needed.
Preferred Qualifications:
• AWS certifications such as AWS Certified Security – Specialty, Solutions Architect, or DevOps Engineer.
• Experience with multi-account AWS environments and AWS Organizations.
• Knowledge of container security, especially within Amazon ECS.
• Experience with third-party security tools such as Tenable, Prisma Cloud, Wiz, or Lacework.
• Experience with compliance frameworks and translating them into technical controls.
• Background in penetration testing, red/blue teaming, or threat intelligence is a plus.
🔍 Job Ad Decoder
🔴
fewer, better people working together as one
This means the company prefers a smaller but highly competent team, which may suggest high expectations and intensive work.
🔴
Our success is shared through generous equity packages for all employees
Although this sounds positive, 'generous' is subjective and may mean a symbolic share of profits or equity of uncertain value.
🔴
play a key role in designing and implementing secure architectures, tooling, and practices
This may mean you will be responsible for building many solutions from scratch, which requires a high degree of independence and can be demanding.
🟡
deep expertise in securing cloud-native environments, with a strong emphasis on AWS services
Requires highly specialized knowledge, which may narrow the pool of potential candidates and suggests the company is looking for someone who can solve complex problems right away.
🟡
integrate security into CI/CD pipelines (DevSecOps)
Indicates the need to take an active part in development and deployment processes, which may mean working in a continuous-delivery mode and responding to current needs.