Software Engineer - Cloud Security

📋 Description

• • Architect and deliver hardened security controls for AWS and Azure environments, embedding guardrails directly into Lambda, S3, IAM, Functions, and Azure AD so every resource that spins up is compliant by default.
• • Pair program daily with senior cloud engineers and security architects, leveraging Test-Driven Development (TDD) to ship infrastructure-as-code modules (Terraform, CloudFormation, ARM) that provision, configure, and audit cloud resources in a single automated pipeline.
• • Own the full secure-SDLC—from threat-modeling user stories in iteration planning to writing unit, integration, and compliance tests—ensuring every pull request passes security gates before it reaches production.
• • Translate complex security policies into developer-friendly libraries and self-service templates that enable product teams to move fast without breaking guardrails; measure success by the reduction in manual security reviews and time-to-deploy.
• • Monitor, detect, and respond to cloud-native threats in real time using event-driven security tooling; tune alerts, write custom AWS Lambda or Azure Functions for auto-remediation, and feed lessons learned back into the backlog.
• • Champion the 12-Factor App methodology across microservices and containerized workloads running on Kubernetes; enforce least-privilege IAM roles, secrets management, and network micro-segmentation as non-negotiable acceptance criteria.
• • Collaborate with Product Managers, Risk, and Compliance teams to prioritize vulnerability backlogs, ensuring critical CVEs are remediated within SLA and that emerging regulatory requirements (e.g., NYDFS, PCI-DSS) are baked into the platform roadmap.
• • Drive continuous improvement through agile ceremonies—daily stand-ups, iteration planning, and retrospectives—using metrics such as defect-escape rate, build time, and security control coverage to guide decisions.
• • Mentor junior engineers and cross-functional teammates through knowledge-sharing sessions, code reviews, and guilds; foster a culture where constructive feedback is welcomed and acted upon quickly.
• • When "bench time" appears, invest it in self-study, spike new cloud security services (e.g., AWS Security Lake, Azure Defender for Containers), or contribute to open-source projects that align with Allstate’s security objectives.
• • Maintain rigorous documentation—runbooks, architecture decision records, and threat-model diagrams—so that any engineer can onboard and contribute within days, not weeks.
• • Exhibit a growth mindset: embrace change, experiment safely, and pivot rapidly based on customer feedback, market shifts, or emerging threat intelligence.
• • Satisfy all administrative obligations—timesheets, performance reviews, annual compliance training—while modeling the same security-first behaviors we expect from every Allstater.
• • Regular, predictable attendance and availability during core collaboration hours (10 AM–3 PM CT) are essential, even in a fully remote setting.