Information Security Engineer (CSPM Specialist)

About the Role

Seeking an experienced Information Security Engineer (CSPM Specialist) to support enterprise cloud security initiatives for a major financial services organization.

This role focuses on securing public and hybrid cloud environments through a combination of security engineering, automation, cloud governance, and DevSecOps practices. The ideal candidate will possess strong experience implementing and managing cloud security tooling, working within Agile environments, and integrating security controls into modern CI/CD pipelines.

As a key member of the Information Security team, you will serve as both an engineer and consultant, helping product teams design, implement, and maintain secure cloud-native solutions while driving continuous improvement across cloud security posture management (CSPM) capabilities.

Location: Remote (EST/CST)

Experience Level: 6--20 Years

Employment Type: Contract

What You'll Do

Cloud Security Engineering

• Serve as the primary security engineering resource on cloud-focused initiatives.
• Design and implement secure architectures across public and hybrid cloud environments.
• Partner with engineering teams to embed security throughout the software development lifecycle.
• Evaluate and implement cloud security controls and best practices.

CSPM & Security Tooling

• Support and enhance Cloud Security Posture Management (CSPM) capabilities.
• Engineer, deploy, and maintain enterprise security tools and platforms.
• Develop automation to improve cloud security monitoring, remediation, and compliance reporting.
• Configure and optimize cloud security policies and controls.

DevSecOps & Automation

• Integrate security controls into CI/CD pipelines and DevOps workflows.
• Collaborate with development teams to implement Infrastructure as Code (IaC) security practices.
• Leverage tools such as Jenkins, GitHub, Terraform, and cloud-native security services.
• Promote secure development and deployment standards across engineering teams.

Security Consulting & Governance

• Advise Product Owners, Principal Engineers, and technical leadership on security architecture and operational considerations.
• Assist in the development and maintenance of security standards, procedures, and guidelines.
• Participate in security reviews, threat assessments, and risk mitigation activities.
• Support ongoing compliance and regulatory initiatives.

Operations & Incident Support

• Participate in Information Security operational activities.
• Support monitoring, maintenance, and optimization of security platforms.
• Participate in on-call rotations supporting enterprise security operations.
• Assist with security investigations and cloud security incident response activities.