Principal Cloud Security Engineer

Job Description

This is a remote position.

Orienta is partnering with a global technology company that builds an end-to-end Human Capital Management (HCM) platform used by organizations worldwide. Their platform manages the entire employee lifecycle—HR, payroll, time, talent, and workforce—and supports enterprise-scale environments with high expectations for security, reliability, and compliance.

The Cloud Security team is expanding and seeking a Principal Cloud Security Engineer to serve as a hands-on technical expert and trusted advisor across cloud programs. This team owns the security of multiple cloud environments—primarily Azure and AWS—and is responsible for designing and implementing security controls that support global regulatory and industry requirements.

If you thrive in fast-moving environments, enjoy building automation, and want to influence security at platform scale, this role offers significant ownership and impact.

What you’ll do

Drive Enterprise Cloud Security

Lead end-to-end implementation of CNAPP solutions (e.g., Wiz) across Azure and select AWS environments, including policy design, tuning, and operational workflows.

Harden cloud environments through identity and access controls, Azure Policies, network segmentation, and cloud-native security tooling.

Develop and maintain secure IaC and DevSecOps practices—integrating security into CI / CD pipelines (Terraform, GitHub Actions, etc.), artifact signing, SBOMs / attestations.

Enable Governance & Compliance

Translate frameworks such as FedRAMP, NIST, CIS, and PBMM into technical controls, automated evidence collection, and continuous monitoring.

Define policy-as-code patterns and reusable Terraform modules to prevent misconfigurations before deployment.

Architecture, Advisory & Mentoring

Partner with product, engineering, and platform teams to design secure cloud architectures and participate in design reviews.

Act as a trusted advisor to cloud, operations, and executive teams—communicating risk, trade-offs, and priorities.

Mentor junior engineers and contribute to a culture of security-first thinking.

Incident Response & Posture Improvement

Collaborate with SecOps and AppSec teams to triage findings, evaluate risk, and drive remediation across vulnerabilities, identities, data, and workloads.

Use metrics and KPIs to measure posture improvements and demonstrate business impact.

What We’re Looking For

Required Qualifications

Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent experience.

10+ years in security engineering or security architecture, with deep experience in cloud security (preferably in SaaS or technology companies).

Hands-on expertise with :

CNAPP platforms (Wiz or similar), including rollout, policy design, tuning, and automation.

Microsoft Defender for Cloud and Azure security services (Entra ID, RBAC, Key Vault, networking, monitoring).

Multi-cloud (Azure and AWS).

DevSecOps practices, including pre-merge security checks, image scanning, artifact signing, SBOM / attestations.

Production-grade IaC using Terraform Enterprise / Terraform Cloud (modules, registries, policy-as-code, drift management).

Kubernetes / containers (AKS / EKS), image signing, runtime protection, and registry security.

Security automation using Python or PowerShell.

Experience with :

KRIs / KPIs and tuning policies against frameworks (CIS, NIST, STIG).

Compliance and security engineering for FedRAMP, PBMM, ISO 27001, SOC 2, or similar regulated environments.

Influencing product, engineering, and executive stakeholders.

Operating independently with strong ownership and accountability.

Preferred Qualifications

Azure certifications (AZ-500, SC-100, SC-200) highly preferred.

Industry certifications such as CISSP or CCSP.

DevOps experience with infrastructure / cloud / application pipelines.

Experience with SAST / DAST tooling, penetration testing, or security scanning.

Knowledge of LLMs and experience building generative AI–powered automation or agents.

Programming experience with Python, Java, .NET, C#, Rego, YAML

What’s in It for You

Competitive compensation, perks, and recognition programs

Flexible time-off and well-being benefits

Diversity, equity & inclusion programs that foster belonging

Volunteer opportunities and community engagement

Continuous learning, training support, and paid certifications to accelerate your career growth