Job Description

Capella Cloud Security team has a mandate to ensure enterprise-level security and compliance.

You will join the Capella Cloud Security team and collaborate with various stakeholders to ensure security at design, define and implement security best practices keeping Capella secured and compliant. You will ensure security monitoring (SIEM) and operational KPIs.

A Cloud Security Engineer specialising in Terraform and cloud-native security will design, implement, and maintain secure cloud environments across AWS, Azure, and GCP. The role will leverage Infrastructure as Code (IaC) methods to automate cloud resource provisioning, harden environments, and ensure compliance with security best practices and frameworks.

Key Responsibilities

• Design and implement secure cloud architectures using Terraform in AWS, Azure, and GCP environments.
• Automate provisioning, scaling, and management of cloud security controls (IAM, encryption, logging, etc.) leveraging native services.
• Integrate and maintain cloud security tools for monitoring, threat detection, and incident response.
• Perform security assessments, risk analysis, penetration testing, and compliance audits within cloud environments.
• Align security controls with CIS, NIST, SOC2, ISO27001, PCI DSS, or similar compliance frameworks.
• Collaborate with DevOps, cloud engineering, and application teams to securely enable new features and cloud services.
• Investigate, respond to, and document security incidents and recommended remediations.
• Maintain and improve documentation and automation for infrastructure and security processes.

Required Qualifications

• Bachelor’s degree in computer science, Information Security, or related field, or equivalent experience.
• 3+ years hands-on experience with Terraform and cloud-native infrastructure in AWS, Azure, and/or GCP.
• Deep expertise in IAM, VPC/network security, key management and encryption, secrets management, logging, and monitoring in cloud platforms.
• Experience implementing and maintaining cloud security best practices and complying with standards such as CIS Benchmarks, NIST, or GDPR.
• Proficiency in scripting languages (Python, Bash, PowerShell, or similar) to automate security and operational tasks.\
• Familiarity with container security and Kubernetes is a plus.
• Strong problem-solving, incident response, and analytical skills.
• Excellent written and verbal communication for collaborating and reporting.

Preferred Skills/Certifications

• Cloud provider certifications (AWS Security, Azure Security Engineer, GCP Professional Cloud Security Engineer)
• Terraform Associate certification
• Experience with CI/CD pipelines and security automation
• Experience with security monitoring tools (e.g., GuardDuty, Security Command Center, Security Center)
• Familiarity with secure software development and DevSecOps practices