Principal AWS Security Engineer -- Direct Client
Why This Role Stands Out
This remote Principal AWS Security Engineer role offers a unique opportunity to shape security as an engineering output, driving innovation and impact through code. If you have a strong software engineering background with deep AWS expertise and a passion for building robust, scalable security controls, you'll thrive in this dynamic environment. Apply now to leverage your skills and contribute to a cutting-edge security foundation.
Quick Overview
Job Description
Job Title: Principal Cloud Security Engineer (AWS)
Location: Remote/Chicago, IL
Duration: 6-12 Months
Client: Direct
Our client is seeking a Principal Cloud Security Engineer to make security an engineering output rather than a review checkpoint. You’ll build the Terraform modules, AWS account patterns, policy-ascode, and CI/CD controls that engineering teams use to ship safely so the security baseline rises through code, not through tickets. This is a software engineering role inside our security team. We want someone whose instinct, when handed a security problem, is to design and ship a durable technical control, not to write a policy document or stand up another tool. Engineers who came up through software, platform, or SRE work and then went deep on security are exactly who we’re looking for.
What you’ll do
• Design AWS multi-account, organization, and guardrail patterns that make the secure path the easy one.
• Build and own a library of Terraform modules and policy-as-code that engineering teams adopt across the company.
• Implement preventive controls, including SCPs, deployment-time policy validation, and drift detection, for high-risk cloud actions, in the code paths where work already happens.
• Build logging integrity and tamper resistance into CloudTrail, telemetry pipelines, and core monitoring; define what good cloud telemetry looks like for downstream detection.
• Partner with Platform and Architecture on identity, networking, EKS, and serverless patterns. Work with Security Operations to turn cloud signals into useful detections.
• Make architecture decisions visible through design docs, pull requests, and reference implementations others can read and copy.
What you bring
• 10+ years across software engineering, platform engineering, SRE, or cloud security, with substantial hands-on AWS work in multi-account environments.
• Production-quality code in at least one of Go, Python, TypeScript, C#, or Java. You think about security problems as software problems.
• Deep Terraform: reusable modules, tested patterns, and an opinion about how IaC should be structured at scale.
• Hands-on experience with policy-as-code, preventive guardrails, and securing EKS and serverless workloads.
• Experience building detective and preventive controls for cloud control planes and logging integrity.
• Comfort working through pull requests and design reviews with engineering teams, not only with security teams.
Nice to have
• SIEM/XDR integration experience; familiarity with Palo Alto or Prisma.
• CI/CD security patterns and developer-enablement work.
• Securing AI/GenAI services, internal copilots, or agentic workflows in cloud environments.
Skills
Similar jobs
Systems Security Engineer Anti-Tamper
ANDURIL INDUSTRIES · Costa Mesa, United States
Just now$166k - $220k/yrCyber Vulnerability Research Engineer
Maximus, Inc. · San Antonio, United States
19 minutes ago$120k - $160k/yrNetwork Security Engineer
Sriven Systems Inc. · United States
22 minutes agoSecurity Specialist
Cayuse Holdings, LLC · Arlington, United States
38 minutes ago$80k - $99k/yrSenior Security Engineer, Digital Asset Custody
Mindlance · Southlake, United States
39 minutes agoSecurity Engineer
Horizontal Talent · Brooklyn Park, United States
57 minutes ago$69 - $107/hr