[Hiring] Cloud Security Engineer @Tyto Athene

Role Description

Tyto Athene is hiring a Cloud Security Engineer to join our team of cloud, security, and compliance experts. This role is primarily focused on day-to-day security engineering, including:

• System hardening
• Vulnerability remediation
• Cloud operations
• Security tool management across AWS environments supporting federal and commercial customers

Engineers may also support GCP and Azure environments as needed. In addition to regular business-hours responsibilities, engineers participate in a structured after-hours 24×7 on-call rotation (primary or backup) to support response to incidents, alerts, and escalations for customers operating under FedRAMP, FISMA, and NIST 800-53 frameworks.

Responsibilities

• Perform systems administration and maintenance including patching, vulnerability scanning, compliance scanning and remediation, backups, and recovery for cloud workloads.
• Primarily support AWS environments, including Windows and Linux virtual machines, container workloads, and cloud-native services such as EC2, EBS, S3, RDS, EKS, ECS, IAM, CloudTrail, GuardDuty, Security Hub, WorkSpaces, and related AWS security services.
• Support GCP and Azure cloud environments as needed, including compute, storage, identity, and containerized workloads.
• Configure, update, and maintain security tools for endpoint protection, log collection, vulnerability scanning, compliance monitoring, and cloud security posture management (CSPM).
• Troubleshoot issues across network, compute, application, and identity layers by reviewing logs, collecting data, and analyzing system behavior.
• Implement hardening and compliance controls using CIS Benchmarks, DISA STIGs, and FedRAMP requirements.
• Remediate vulnerabilities identified by tools such as Tenable, Trivy, OpenSCAP, Anchore, Prisma Cloud/Twistlock, and similar security platforms.
• Provide quality assurance feedback during system deployments to ensure architecture meets compliance and operational requirements.
• Collaborate with Security Analysts to ensure uninterrupted delivery of security services to customers.
• Create and maintain documentation including network diagrams, dataflow diagrams, SOPs, and security tool configuration guides.
• Support client communications, deliverables, and issue resolution with strong verbal and written communication skills.
• Support and mentor junior engineers as needed.
• Contribute to automation and infrastructure-as-code initiatives supporting secure cloud operations and continuous compliance.

After-Hours 24×7 On-Call Rotation

• Serve as primary or backup on-call engineer during assigned rotation.
• Respond to after-hours security alerts, infrastructure incidents, outages, and ConMon events.
• Perform initial triage, containment, and stabilization using established runbooks.
• Investigate and respond to alerts generated.
• Escalate complex issues to senior engineers, architects, or compliance teams.
• Document incidents, actions taken, and recommended improvements.
• Contribute to automation improvements and runbook enhancements.

Qualifications

• Six (6) or more years of IT engineering and/or cybersecurity experience, with at least three (3) years working in a dedicated cloud security engineering or similar position.
• Strong hands-on experience supporting AWS environments in a security engineering, cloud operations, or DevSecOps capacity.
• Experience securing and supporting AWS-native services and cloud security tooling, including IAM, logging/monitoring, vulnerability management, container security, and cloud compliance.
• Familiarity with GCP and/or Azure cloud environments and the ability to support multi-cloud environments as needed.
• Ability to diagnose and resolve issues across Linux and Windows systems, network infrastructure, and cloud services.
• General systems administration and vulnerability management experience, including system patching and hardening, identity and access management (IAM), and related tasks.
• Experience working in a DevSecOps environment, integrating security practices into cloud and infrastructure workflows.
• Experience with cloud-native security tooling and monitoring solutions.
• Familiarity with ITSM ticketing systems such as GitLab (preferred), Jira, ServiceNow, etc.
• Ability to work independently during both business hours and on-call periods.
• Strong written and verbal communication skills for customer interaction and incident documentation.
• Hands-on experience with one or more of the following tools:
• Splunk Enterprise
• Tenable Security Center/Nessus
• Invicti/Acunetix
• Appgate
• Okta
• GitLab
• Palo Alto Networks Firewalls
• TrendMicro Deep Security
• Trivy
• Anchore
• Terraform
• CloudFormation
• Ansible

Desired

• Bachelor's Degree in Computer Science or other relevant field.
• Experience supporting federal/government-facing customers or consulting engagements, ensuring compliance and operational requirements.
• Experience with FedRAMP, FISMA, or NIST 800-53 compliance frameworks.
• Prior on-call, SRE, SOC, or incident response experience.
• Relevant AWS certifications such as AWS Certified Security – Specialty, Solutions Architect, or SysOps Administrator.
• Security+ or other relevant industry security certification.
• Experience with infrastructure-as-code or automation tooling.
• Experience with Kubernetes and container security is highly desirable.

Location

Remote (US)

Clearance

Must be a US Citizen with the ability to obtain a security clearance.

Compensation

Compensation is unique to each candidate and relative to the skills and experience they bring to the position. The salary range for this position is typically between $110,000-$140,000. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits

• Health/Dental/Vision
• 401(k) match
• Paid Time Off
• STD/LTD/Life Insurance
• Referral Bonuses
• Professional development reimbursement
• Parental leave