Information Security Engineer (CSPM Specialist)

About the Role

Seeking an experienced Information Security Engineer (CSPM Specialist) to support enterprise cloud security initiatives for a major financial services organization.

This role focuses on securing public and hybrid cloud environments through a combination of security engineering, automation, cloud governance, and DevSecOps practices. The ideal candidate will possess strong experience implementing and managing cloud security tooling, working within Agile environments, and integrating security controls into modern CI/CD pipelines.

As a key member of the Information Security team, you will serve as both an engineer and consultant, helping product teams design, implement, and maintain secure cloud-native solutions while driving continuous improvement across cloud security posture management (CSPM) capabilities.

Location: Remote (EST/CST)
Experience Level: 6–20+ Years
Employment Type: Contract

What You'll Do

Cloud Security Engineering

• Serve as the primary security engineering resource on cloud-focused initiatives.

• Design and implement secure architectures across public and hybrid cloud environments.

• Partner with engineering teams to embed security throughout the software development lifecycle.

• Evaluate and implement cloud security controls and best practices.

CSPM & Security Tooling

• Support and enhance Cloud Security Posture Management (CSPM) capabilities.

• Engineer, deploy, and maintain enterprise security tools and platforms.

• Develop automation to improve cloud security monitoring, remediation, and compliance reporting.

• Configure and optimize cloud security policies and controls.

DevSecOps & Automation

• Integrate security controls into CI/CD pipelines and DevOps workflows.

• Collaborate with development teams to implement Infrastructure as Code (IaC) security practices.

• Leverage tools such as Jenkins, GitHub, Terraform, and cloud-native security services.

• Promote secure development and deployment standards across engineering teams.

Security Consulting & Governance

• Advise Product Owners, Principal Engineers, and technical leadership on security architecture and operational considerations.

• Assist in the development and maintenance of security standards, procedures, and guidelines.

• Participate in security reviews, threat assessments, and risk mitigation activities.

• Support ongoing compliance and regulatory initiatives.

Operations & Incident Support

• Participate in Information Security operational activities.

• Support monitoring, maintenance, and optimization of security platforms.

• Participate in on-call rotations supporting enterprise security operations.

• Assist with security investigations and cloud security incident response activities.
  

Required Skills

Must-Have

• Cloud Security Engineering

• Public Cloud Platforms (AWS, Azure, GCP)

• Agile Methodologies

• DevOps Practices

• CI/CD Pipelines

• Jenkins

• GitHub

• Terraform

• Infrastructure as Code (IaC)

• Containerization Technologies (Docker, Kubernetes, OpenShift, etc.)

• Security Architecture & Engineering

• Security Automation

• Cloud Governance & Risk Management

Nice-to-Have

• Container Security Scanning

• Prisma Cloud

• AWS Config

• Cloud Security Posture Management (CSPM) Platforms

• Kubernetes Security

• Financial Services Industry Experience

• DevSecOps Program Experience

Ideal Candidate Profile

The ideal candidate is a hands-on cloud security engineer who understands both security and modern software delivery practices. They have experience securing cloud-native environments, integrating security into CI/CD pipelines, and leveraging automation to improve security posture at scale.

Success in this role requires strong collaboration skills, the ability to influence engineering teams, and experience balancing security requirements with business objectives in highly regulated environments.

Technical Environment

• AWS / Azure / Hybrid Cloud

• Terraform

• Jenkins

• GitHub

• CI/CD Pipelines

• Container Platforms

• Kubernetes

• DevSecOps Toolchains

• CSPM Platforms

• Security Automation Frameworks

• Agile Delivery Teams