Cloud Security Engineer

📋 Description

• • Own and continuously improve Polymarket’s AWS security posture across all accounts, regions, and services, including IAM policies, Service Control Policies (SCPs), VPC segmentation, and account-level security baselines
• • Review and contribute to infrastructure as code (IaC) modules written in Pulumi, Terraform, CDK, or equivalent, embedding security defaults into deployment pipelines through policy-as-code validation and misconfiguration scanning
• • Own cloud-side security telemetry by managing and interpreting data from CloudTrail, GuardDuty, Security Hub, Config Rules, VPC Flow Logs, and S3 access logs to detect anomalies and enforce compliance
• • Develop and tune detection logic for cloud-specific threats, collaborating with the SOC team to improve alert fidelity, refine incident response runbooks, and lead AWS-level investigations
• • Govern secrets management using AWS Secrets Manager and SSM Parameter Store, including KMS key policy design, rotation schedules, and envelope encryption patterns
• • Drive remediation of findings from AWS Inspector, Security Hub, and third-party CSPM tools, maintaining benchmarks aligned to CIS AWS Foundations and industry best practices
• • Support audit and compliance activities including SOC 2, PCI-DSS, or similar frameworks by preparing documentation, conducting access reviews, and remediating privilege creep
• • Partner closely with DevOps, Platform, and Application Engineering teams to make secure-by-default configurations the path of least resistance, ensuring security does not impede engineering velocity
• • Evaluate architectural decisions for security risk and clearly communicate findings to engineering peers, advocating for secure design patterns in system upgrades and new deployments
• • Implement and maintain automated security controls within CI/CD pipelines to prevent misconfigurations before they reach production environments
• • Monitor and respond to cloud-based threat vectors specific to high-volume transactional systems, with awareness of risks unique to decentralized financial platforms
• • Conduct regular access reviews across AWS accounts to identify and remediate excessive permissions, ensuring least-privilege principles are enforced at scale
• • Collaborate with internal teams to translate compliance requirements into technical controls and validate adherence through automated assessments and manual audits
• • Maintain up-to-date documentation of security architectures, control implementations, and incident response procedures for internal and external review
• • Proactively identify emerging cloud security risks and propose scalable solutions that align with Polymarket’s rapid growth and high-transaction environment
• • Serve as the primary cloud security liaison between engineering, compliance, and external auditors during assessments and remediation cycles
• • Apply scripting or programming skills (Python, TypeScript, or Go) to automate routine security tasks, build custom tooling, and integrate security checks into existing workflows