Posted at: 28 January

Cloud Security Automation Engineer

Company

GuidePoint Security

GuidePoint Security is a Herndon, Virginia-based B2B cybersecurity consulting firm specializing in tailored security solutions, incident response, and compliance services for commercial and federal organizations.

Remote Hiring Policy:

GuidePoint Security supports remote work and primarily hires from the U.S., with roles available in various regions including the Mid-Atlantic. Most remote positions are limited to U.S.-based candidates.

Job Type

Full-time

Allowed Applicant Locations

United States

Job Description

Job Summary:

We are seeking an experienced Cloud Security Automation Engineer to join our consulting team. In this client-facing role, you will work with various organizations to secure their cloud-native workloads, including the entire lifecycle of Kubernetes environments. You will leverage your expertise in Policy as Code, Infrastructure as Code (IaC), secrets management, and CI/CD platforms to help clients build secure, scalable, and automated cloud infrastructures.

Key Responsibilities:

  • Client Engagement: Collaborate with clients to understand their cloud security needs, assess current environments, and provide expert guidance on securing cloud-native and multi-cloud workloads.

  • Kubernetes Security Consulting: Design, implement, and provide guidance on securing Kubernetes clusters for clients, including best practices in cluster hardening, network policies, RBAC, and runtime security.

  • Policy as Code: Advise clients on developing and enforcing security policies using tools like OPA (Open Policy Agent), HashiCorp Sentinel, or other Policy as Code solutions to maintain compliance across their cloud environments.

  • Infrastructure as Code (IaC) Consulting: Work with clients to secure their IaC deployments using tools such as Terraform, CloudFormation, or Bicep templates, ensuring security best practices are followed.

  • Secrets Management: Assist clients in implementing and automating secrets management solutions using tools like HashiCorp Vault, AWS Secrets Manager, or Kubernetes Secrets.

  • CI/CD Pipeline Security: Collaborate with clients' DevOps teams to integrate security controls into their CI/CD processes, leveraging tools like Jenkins, GitHub Actions, GitLab CI, and other automation platforms.

  • Cloud-Native Workloads: Guide clients in securing various cloud-native services, including serverless functions, containers, and managed cloud services using best-in-class security tools and practices.

  • Monitoring & Remediation: Help clients implement monitoring and logging solutions for cloud security events and automate threat detection and response using SIEM tools and cloud-native services.

  • Training & Best Practices: Educate clients' teams on cloud security best practices, secure automation techniques, and security-as-code methodologies.

  • Automation: Develop scripts, tools, and playbooks to assist clients in automating repetitive security tasks, ensuring consistent enforcement of security controls across cloud environments.

Qualifications:

  • Proven experience in consulting or a similar role, with a focus on securing cloud-native environments, particularly Kubernetes.

  • Proficiency in Policy as Code tools (e.g., Open Policy Agent, Kyverno, HashiCorp Sentinel) and experience guiding clients in their implementation.

  • Expertise in Infrastructure as Code (IaC) tools like Terraform, CDKTF, AWS CloudFormation, AWS CDK, Bicep, or Azure Resource Manager (ARM).

  • Strong knowledge of secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager, Akeyless, Azure Key Vault) and the ability to guide clients through the implementation process.

  • Experience with CI/CD & GitOps platforms and integrating security into DevOps & GitOps processes (e.g., Jenkins, GitHub Actions, GitLab CI, ArgoCD, Harness, ADO).

  • Solid understanding of cloud platforms (AWS, Azure, GCP, or OCI) and their native security services.

  • Excellent client-facing communication and presentation skills, with the ability to work collaboratively in diverse environments.

  • Experience with scripting and automation (e.g., Python, Bash, PowerShell) to support client engagements.

  • Preferred: Certifications such as:

    • Kubernetes & Cloud Native Association Certifications:

      • Certified Kubernetes Security Specialist (CKS)

      • Certified Kubernetes Administrator (CKA)

      • Certified Kubernetes Application Developer (CKAD)

      • Kubernetes and Cloud Native Associate (KCNA)

      • Kubernetes and Cloud Native Security Associate (KCSA)

    • CSP Certifications:

      • AWS Certified Security – Specialty

      • AWS DevOps Engineer – Professional

      • AWS Solutions Architect – Professional and/or Associate

      • AWS SysOps Administrator – Associate

      • AWS Developer – Associate

      • Azure Security Engineer Associate – AZ-500

      • Azure Developer Associate – AZ-204

      • Azure DevOps Engineer – AZ-400

      • Google Cloud Engineer

      • Google Cloud Architect

      • Google Cloud Developer

      • Google Cloud Security Engineer

      • Google Cloud DevOps Engineer

    • HashiCorp Certifications:

      • Terraform Associate

      • Terraform Authoring and Operations Professional

      • Vault Associate

      • Vault Operations Professional

      • Consul Associate

    • Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK)

Preferred Skills:

  • Experience with container security tools (e.g., Aqua Security, Falco, and CNAPPs such as Prisma Cloud, Wiz, and CrowdStrike).

  • Familiarity with cloud security frameworks (e.g., CIS, NIST, ISO) and the ability to guide clients in adopting them.

  • Knowledge of DevSecOps practices and experience in integrating security into the software development lifecycle.
