About this role
Role Overview
Lead and grow the Policy-as-Code team responsible for security and compliance controls across Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)
Define and operate a unified guardrail framework that enforces both security and compliance requirements (policy-as-code, admission controllers, Terraform guardrails)
Own the policy lifecycle: authoring, testing, versioning, staged rollout, monitoring, and deprecation of automated policies
Build continuous compliance automation: evidence collection, attestations, audit reporting, and remediation workflows that reduce manual audit effort
Integrate policy enforcement into Continuous Integration (CI)/Continuous Delivery (CD), Infrastructure as Code (IaC) pipelines, Developer Experience (DevEx) workflows, and account provisioning operated by Foundations
Establish operability criteria for policy enforcement (performance, false-positive tolerance, rollback procedures) and require operability signoff prior to production enforcement
Drive cross-team collaboration with Cloud Foundations, Platform Acceleration, DevEx, Runtime Site Reliability Engineer (SRE), Legal & Compliance, and Enterprise Security to ensure policies are accurate, testable, and adoptable
Respond to high-severity security or compliance incidents affecting the platform; lead technical remediation and convert findings into durable policy or platform changes
Track and report security and compliance Key Performance Indicators (KPIs); use telemetry to prioritize policy coverage and reduce risk
Contribute hands-on to critical policy implementations, admission controller integrations, or automation scripts as needed
Requirements
5+ years of experience in cloud security, platform security engineering, and/or cloud engineering
5+ years of experience implementing policy-as-code and admission control for cloud and Kubernetes (e.g., Azure Policy, AWS Configuration, GCP Organization Policy, Open Policy Agent (OPA)/Gatekeeper, Coverity)
3+ years of experience in leadership and/or team lead capacity
3+ years of experience with cloud provider security primitives and compliance controls across Azure, AWS, and GCP (identity, encryption, networking, logging)
3+ years of experience automating security and compliance controls in IaC and CI/CD pipelines (Terraform policy checks, pre-commit scanning, pipeline gates)
Experience producing automated audit evidence and supporting compliance frameworks (National Institute of Standards and Technology (NIST), Federal Risk and Authorization Management Program (FedRAMP), Service Organization Control 2 (SOC2), or equivalent)
Ability and willingness to perform hands-on technical work (policy modules, admission controllers, automation) alongside managerial duties
Tech Stack
AWS
Azure
Cloud
Google Cloud Platform
Kubernetes
Terraform
Benefits
health insurance
flexible spending accounts
health savings accounts
retirement savings plans
life and disability insurance programs
a number of programs that provide for both paid and unpaid time away from work