Lead Cloud Security Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

About the Role

We're seeking a Lead Cloud Security Engineer to join our Product Security team’s Cloud Infrastructure Security wing, where you'll play a critical role in building and maintaining security infrastructure that prevents issues before they become incidents. Working closely with our leads across Qualys, you'll design and implement security controls, automation, and policies that protect our cloud-native products at scale.

What You'll Do

Cloud Security Engineering

• Design, implement, and maintain security controls for Kubernetes environments across multiple clusters
• Develop and optimize Infrastructure as Code (IaC) security patterns using tools like Terraform and CloudFormation
• Build and enforce Policy as Code frameworks to ensure consistent security posture across cloud platforms
• Create and maintain security policies for Platform-as-a-Service (PaaS) offerings
• Conduct security reviews of cloud architecture as well as services, recommend hardening measures, and drive adoption through IaC and PaC.

Cloud Security Posture Management (CSPM)

• Write/ create appropriate security policies
• Review the CSPM findings and work with appropriate stakeholders to get the findings remediated.
• Quarterly posture assessment presentation with the stakeholders

Process Automation

• Develop automation solutions to streamline security workflows and eliminate manual security tasks
• Build security tooling and integrations that enable product teams to shift security left
• Create automated compliance checks and remediation workflows
• Implement security testing automation within CI/CD pipelines
• Design self-service security capabilities that empower engineering teams

Security Analysis

• Perform in-depth security assessments of applications, infrastructure, and cloud environments
• Analyze security telemetry and metrics to identify trends and potential vulnerabilities
• Investigate security findings and provide detailed remediation guidance
• Conduct threat modeling for new features and architecture changes
• Evaluate emerging security technologies and recommend adoption strategies

What You Bring

Required:

• 7+ years of experience in security engineering, with significant focus on cloud security
• Experience in managing/ writing policies in any of the industry leading CSPM platform
• Proficiency in Policy as Code frameworks (OPA/Rego, Sentinel, or similar)
• Deep understanding of the cloud services and workloads security.
• Hands-on experience with major cloud platforms (AWS, Azure, or GCP)
• Strong experience with Infrastructure as Code tools like HELM and security best practices
• Deep expertise in Kubernetes security (RBAC, network policies, pod security, admission controllers)
• Programming/scripting skills in Python, Go, or similar languages for automation
• Strong understanding of container security and orchestration
• Experience with security automation and DevSecOps practices
• Excellent problem-solving skills and ability to work independently

Preferred:

• Experience with Qualys’s Total Cloud platform
• Experience with REGO, Python
• Experience with Terraform
• Experience with security scanning tools (SAST, DAST, SCA, container scanning)
• Knowledge of compliance frameworks (SOC 2, ISO 27001, PCI DSS)
• Contributions to open-source security projects
• Relevant security certifications (CCSP, CCSK, CKS, or equivalent)
• Experience in product security or application security role

Why Join Us

You'll be part of a team that operates at the intersection of security, engineering, and product development. We believe in preventing problems before they occur through smart automation, robust architecture, and proactive security practices. You'll have the opportunity to work with cutting-edge cloud technologies while making a tangible impact on product security at Qualys.