Senior/Staff Cloud Security Engineer
Toolsforhumanity - San Francisco, CA
Job Description
About the Company: World is a network of real humans, built on privacy-preserving proof-of-human technology, and powered by a globally inclusive financial network that enables the free flow of digital assets for all. It is built to connect, empower, and be owned by everyone.

About Us

Tools for Humanity is a technology company dedicated to building for humans in the age of AI. Our mission is to create secure, scalable, and privacy-preserving infrastructure for World, a rapidly growing global network that provides identity, financial, and community services to millions.

World uses cutting-edge hardware, software, and blockchain technology to enable Proof of Humanity, ensuring trusted and verifiable identities worldwide. With over 10 million verified users and 1,400+ verification orbs globally, we're scaling fast. Security is at the heart of everything we build: our team ensures the integrity of cloud environments, identity systems, services edge, and blockchain applications while designing state-of-the-art cryptographic solutions.

Now, we're looking for an experienced Senior or Staff Cloud Security Engineer to help build and scale a security-first cloud infrastructure that will enable us to reach and protect every person in the world.

About the Role

As a Senior / Staff Cloud Security Engineer, you'll be responsible for designing, implementing, and securing our AWS-based cloud environments. You'll work closely with security, engineering, and infrastructure teams to build scalable security solutions that protect sensitive identity and financial data from evolving threats. This role offers a unique opportunity to tackle high-scale, high-stakes security challenges in a rapidly growing decentralized ecosystem.

This is a high-impact role where you will tackle complex and evolving threats in a dynamic environment that spans cloud infrastructure, blockchain security, device security, and web applications.

What You'll Do

Cloud Security Architecture & Standards
- Develop and enforce Cloud Organization Security Standards for AWS environments.
- Lead security architecture reviews, ensuring cloud services and applications follow zero-trust and least-privilege principles.
- Enhance identity management security, including role-based access controls (RBAC), conditional access policies, and MFA requirements.
- Design secure image hosting strategies, including golden image enforcement and vulnerability scanning.

Security Vulnerability & Compliance Readiness
- Establish and manage the vulnerability remediation process for cloud misconfigurations, IAM weaknesses, and application security gaps.
- Develop automated workflows for security finding remediation, ensuring alignment with compliance frameworks (SOC 2, ISO 27001, GDPR).
- Drive compliance readiness by implementing audit-friendly security controls and continuous monitoring.

Cloud Access & Identity Security
- Define and maintain a secure cloud access elevation procedure, ensuring temporary privilege escalations follow just-in-time (JIT) principles.
- Optimize IAM governance with strong enforcement of least privilege policies, automated access reviews, and logging for identity-based events.

Secure CI/CD & Infrastructure as Code (IaC)
- Implement and manage CI/CD security controls, including static application security testing (SAST), dependency scanning, and infrastructure-as-code (IaC) security.
- Work closely with DevOps teams to embed security into Terraform, Kubernetes, and AWS CloudFormation deployments.
- Automate cloud security monitoring and policy enforcement through security-as-code methodologies.

Who You Are
- 7+ years of experience in Cloud Security Engineering, Security Architecture, or a related field.
- Expert in AWS security, including IAM, KMS, VPC security, GuardDuty, SCPs, security groups, and WAF.
- Hands-on experience securing cloud-native workloads, containers, and Kubernetes environments.
- Strong understanding of zero-trust architectures, cloud IAM governance, AuthN and AuthZ, and cloud security monitoring.
- Proven ability to automate security processes with Python, Bash, or Terraform.
- Hands-on experience with version control platforms (GitHub, GitLab, Bitbucket, Azure DevOps, etc.).
- Deep knowledge of CI/CD security best practices, including SAST, DAST, dependency scanning, and secrets management.
- Strong grasp of compliance frameworks (SOC 2, ISO 27001, GDPR, NIS2, PCI, CIS, etc.) and their cloud security requirements.
- Working knowledge of Linux OS instances.

Nice to Have
- Experience leading threat modeling, cloud security incident response, or forensic investigations.
- Knowledge of privileged access management (PAM) solutions for cloud environments.
- A portfolio of security research, open-source contributions, or conference presentations.

Why Join Us?
- High-impact role: Your work directly secures a global identity and financial network serving millions.
- Cutting-edge tech: Work with AWS, blockchain security, zero-knowledge proofs, and cryptographic protocols.
- Strong security culture: Security is central to everything we build, not an afterthought.
- Growth & autonomy: Lead initiatives, mentor others, and shape the future of security at TFH.

If you're passionate about cloud security, large-scale systems, and protecting human identity, we'd love to hear from you. Apply now to help secure the future of digital identity.

By submitting your application, you consent to the processing and internal sharing of your CV within the company, in compliance with the GDPR.

Pay transparency statement (for CA and NY based roles): The reasonably estimated salary for this role at TFH ranges from $272,000-$310,000 plus a competitive long term incentive package. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, TFH offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, vision, 401(k) plan and match, life insurance, flexible time off, commuter benefits, professional development stipend and much more!
Created: 2025-02-22