Cloud Security Engineer - Aws Focus

Description Ledgebrook is a tech-enabled E&S MGA on a mission to modernize Specialty insurance. The industry is burdened with legacy technology and inefficient processes, preventing innovation at scale. We are changing that. Our goal is to become the best-in-class full-stack insurance and re/insurer, leveraging AI and data-driven insights to revolutionize underwriting, pricing, and risk selection. We believe in talent density—fewer, better people working together as one. We win as a team, and our success is shared through generous equity packages for all employees. About the Role We are seeking a Cloud Security Engineer with deep expertise in securing cloud-native environments, with a strong emphasis on AWS services. The ideal candidate will have a solid understanding of cloud infrastructure, DevSecOps practices, and modern security frameworks. You will play a key role in designing and implementing secure architectures, tooling, and practices to protect our cloud infrastructure and workloads. Key Responsibilities: Design, implement, and manage secure AWS cloud architectures , including networking, IAM, and service configurations. Develop and enforce cloud security standards, policies, and guardrails across AWS environments. Implement automated security controls using tools like Terraform, AWS Config, Security Hub, GuardDuty , and Inspector . Collaborate with DevOps and engineering teams to integrate security into CI/CD pipelines (DevSecOps). Monitor and respond to security events using SIEM and cloud-native logging tools ( CloudWatch, CloudTrail, AWS Security Hub, etc. ). Conduct threat modeling , risk assessments , and security architecture reviews for AWS-based applications and services. Maintain and optimize identity and access management across AWS accounts using IAM, SSO, SCPs , and Organizations . Manage data protection strategies , including encryption (KMS), DLP, and secure key management. Support compliance initiatives (e.g., SOC 2, HIPAA, ISO 27001, or FedRAMP ) with evidence collection and policy implementation. About you Here at Ledgebrook we are passionate about creating a team that is on a continuous learning journey and that shares our excitement about building a company from the ground up. Some of the characteristics we hold dear are: A passion to deliver a world-class customer service experience to both internal and external customers Intellectual curiosity and a desire to innovate processes/procedures versus being satisfied with the status quo A desire to continue learning whatever your career stage Agile prioritization skills coupled with a keen sense of urgency that seeks to balance getting it right versus getting it done right now A strong drive and desire to win together as a high-performing team A moral compass to “do the right thing, period”, we have zero tolerance for toxic behaviors. Requirements Basic Qualifications: 3+ years of experience in a Cloud Security, Security Engineering, or related role. Strong knowledge of AWS security services , architectures, and best practices. Experience with Infrastructure as Code (IaC) tools such as Terraform or CloudFormation . Hands‑on experience with cloud monitoring and logging , especially in an AWS context. Proficiency in scripting or automation (e.g., Python, Bash, or PowerShell ). Solid understanding of network security , firewalls , VPC design , and zero‑trust principles . Familiarity with incident response processes , SIEM platforms , and forensics tools . Comfortable working cross‑functionally with engineering, IT, and compliance teams. Self‑starter with a proactive approach to risk identification and mitigation. Willingness to participate in an on‑call rotation or security incident escalations as needed. Preferred Qualifications: AWS certifications such as AWS Certified Security – Specialty, Solutions Architect, or DevOps Engineer. Experience with multi‑account AWS environments and AWS Organizations. Knowledge of container security , especially within Amazon ECS . Experience with third‑party security tools such as Tenable, Prisma Cloud, Wiz, or Lacework . Experience with compliance frameworks and translating them into technical controls. Background in penetration testing, red/blue teaming, or threat intelligence is a plus. For those applying in the US: Please note: This position is open only to candidates who are authorized to work in the United States without the need for current or future employer‑sponsored work authorization. We are unable to offer visa sponsorship at this time. Benefits US Benefits Competitive salary and meaningful equity ownership Health Insurance 100% employer‑paid option available (US only) Additional benefits available include 401k plan, dental, vision & other options (US only) Remote work, flexible hours Unlimited time off policy Ownership, autonomy, purpose Poland Benefits: Competitive salary and meaningful equity Completely remote, flexible schedule, and monthly coworking gatherings Unlimited paid time off Clear ownership and impact from day one Collaborative, transparent work culture #J-18808-Ljbffr