Posted Apr 10, 2026

Cloud Security Engineer

We are seeking a Cloud Security Engineer to lead the design, implementation, and governance of secure Infrastructure-as-Code (IaC) environments. This is a fully remote role on a small, senior team. Your decisions will carry real weight and directly impact our team and the outcomes we deliver for clients. We are seeking engineers who own objectives and outcomes, not just tasks. This role will focus on building scalable, automated, and security-first cloud solutions that align with best practices, regulatory frameworks, and organizational security requirements across AWS, Azure, and/or GCP. This role reports to the Director of FedRAMP Engineering and works directly with our compliance and assessment teams.

Description

ABOUT THE COMPANY

RISCPoint is a cybersecurity consulting firm specializing in helping organizations navigate complex compliance frameworks such as FedRAMP, SOC 2, ISO 27001, and HITRUST. Our team is made up of former assessors, auditors, and industry experts who deliver tailored, high-quality engagements designed to meet each client’s unique needs. With rapid growth and a reputation for trusted expertise, RISCPoint partners with leading cloud service providers, technology companies, and enterprises across industries. Join us and be part of a team that is shaping the future of cybersecurity compliance.

Key Responsibilities

• CI/CD Pipeline Ownership: Design, implement, and maintain CI/CD pipelines that enforce automated security gates, policy-as-code checks, and compliance validation before deployment.
• Automation-First Engineering: Identify manual, error-prone, or repetitive processes and replace them with reliable, scalable automation making the team faster and processes more consistent.
• Secure IaC Development: Build and maintain a library of secure, reusable Terraform modules that encode compliance requirements (SOC 2, ISO 27001, FedRAMP, and others) directly into infrastructure.
• Security-by-Design Implementation: Own security architecture decisions across cloud deployments, including IAM design, network segmentation, secrets management, logging and monitoring pipelines, and encryption controls.
• Client Collaboration: Partner directly with client engineering and compliance teams to translate regulatory and security requirements into executable infrastructure solutions. Document and communicate architectural decisions clearly to both technical and non-technical stakeholders.
• Continuous Improvement: Evaluate and implement emerging IaC security tools, frameworks, and methodologies to advance cloud security posture.
• Practice Development: As an early member of a growing team, actively shape how we approach cloud security engagements. Contribute to internal tooling, methodology, and standards that will define the future of the practice.

Qualifications

• 3+ years of professional experience in cloud infrastructure or DevSecOps, with a focus on Terraform and reusable module creation in at least one major cloud platform (AWS/GCP/Azure).
• 1+ year of hands-on experience with Terraform in enterprise environments, including integrating Terraform with CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.).
• Strong expertise in cloud security including IAM, networking, secrets management, encryption, and monitoring.
• Experience with observability platforms (Datadog, etc.).
• Solid understanding of compliance requirements (FedRAMP, FISMA, CMMC Level 2, SOC 2, ISO 27001, HIPAA, or similar).
• Experience with SAST/DAST tooling (SonarQube, Snyk, Burp Suite, Tenable/Nessus, etc.).
• Experience with containerization, Kubernetes, and secure hardening.
• Familiarity with cloud governance frameworks and CSPM tools (e.g., Prisma Cloud, Wiz, Lacework, AWS Security Hub, AWS Inspector).
• Highly comfortable in scripting languages such as Python or Bash.
• Experience working with and securely configuring Linux operating systems (DISA STIG etc.).
• Excellent communication skills with the ability to translate security requirements into actionable engineering tasks and convey technical concepts to non-technical audiences.
• Cloud certifications at an intermediate level or higher. AWS Solutions Architect Associate required. AWS Solutions Architect Professional, Security Specialty, GCP, and Azure equivalents preferred.

COMPENSATION & BENEFITS

• Base Salary + Bonus
• Company Paid Health Insurance
• Company Paid Dental Insurance
• Company Paid Vision Insurance
• 401k with 3% Company Contribution (Traditional & Roth Options)
• Generous Vacation Policy

About the Company

RISCPoint was founded with the vision to seamlessly integrate with your team, utilizing only high-performing professionals with deep technical and operational experience to fulfill your security and compliance needs. Our diverse team has served companies ranging from Fortune 10 to pre-series A start-ups. Our first priority is to understand your specific needs, only recommending services we are certain will deliver a meaningful return on investment. We provide business-focused risk, technology and cybersecurity solutions, specifically tailored to your organization.