Cloud Security Lead

Cleo is seeking a Lead Cloud Security Engineer to design, implement, and continuously improve security controls across our cloud infrastructure and SaaS environments.

This role is responsible for strengthening Cleo’s AWS security posture, embedding secure-by-default cloud guardrails, and partnering closely with Platform and Engineering teams to reduce infrastructure risk without slowing innovation.

The ideal candidate is hands-on, technically deep in AWS, and experienced in building scalable cloud security capabilities in a high-growth SaaS environment.

What You Will Be Doing

Cloud Security Architecture

Design and implement secure cloud architecture patterns

Establish guardrails for AWS accounts and services

Strengthen multi-account strategy and segmentation

Improve IAM design, permission boundaries, and least-privilege models

Review major infrastructure changes for security impact

Cloud Detection and Visibility

Implement and tune cloud-native detection capabilities

Integrate AWS security services into centralized monitoring

Identify misconfigurations and excessive permissions

Improve signal-to-noise ratio in cloud alerts

Infrastructure as Code Security

Embed security controls into Terraform or other IaC workflows

Enforce policy-as-code guardrails

Ensure IaC scanning is integrated into CI/CD pipelines

Reduce configuration drift across environments

Vulnerability and Configuration Management

Oversee cloud misconfiguration detection and remediation

Track infrastructure vulnerability exposure

Reduce critical vulnerability exposure window

Partner with Platform teams to automate remediation

Data Protection and Encryption

Ensure proper encryption standards across storage and databases

Manage KMS usage and key lifecycle best practices

Strengthen logging and monitoring coverage

Incident Response Support

Lead cloud-focused investigations during security incidents

Improve forensic readiness in AWS

Harden logging and evidence retentio