Note: The job is a remote job and is open to candidates in USA. Echo Global Logistics is a leading provider of technology-enabled transportation management services. They are seeking a Principal Cloud Security Engineer to build secure AWS platform patterns and improve security through code in a multi-account environment.
Responsibilities
- Design and implement secure-by-default AWS account, organization, and baseline guardrail patterns across multi-account environments
- Build and maintain reusable Terraform modules, policy-as-code, and infrastructure delivery patterns that prevent high-risk actions, reduce drift, and improve traceability
- Partner with Platform and Architecture to establish security account, centralized logging, onboarding, identity, and baseline control patterns
- Implement and tune Service Control Policies and related preventive controls for high-risk cloud actions
- Establish logging integrity protections and detection coverage for tampering with CloudTrail, logging pipelines, and core monitoring controls
- Define cloud telemetry standards so security-relevant AWS, EKS, Lambda, and CI/CD workflow events are usable by XSIAM and MDR workflows
- Create approved Terraform modules, paved-road patterns, and secure reference architectures for engineering teams
- Provide security design input for hybrid and network-connected cloud architectures without becoming the day-to-day firewall backlog owner
- Embed security controls into CI/CD and infrastructure delivery workflows so policy validation happens in code paths, not after deployment
- Collaborate with Security Operations to improve cloud detection content, alert quality, response workflows, and support automated validation and drift detection for cloud security controls
Skills
- 8+ years software engineering, platform engineering, SRE, infrastructure engineering, or cloud security, with substantial recent experience building and securing AWS environments through code
- Strong hands-on experience in AWS security engineering in multi-account environments
- Deep experience with infrastructure-as-code, especially Terraform, including reusable modules and tested patterns
- Strong software engineering or platform engineering background; ability to write production-quality code in at least one modern language such as C#, Go, Python, Java, or TypeScript
- Experience with policy-as-code, preventive guardrails, configuration governance, or cloud-native policy enforcement
- Hands-on experience securing Kubernetes/EKS and serverless patterns in AWS
- Experience building detective and preventive controls for cloud logging, monitoring, and control plane integrity
- Experience partnering with platform and engineering teams in a product-oriented environment through design reviews, pull requests, and developer enablement
- Ability to translate risk into practical, durable technical controls and communicate architecture decisions clearly in writing
- Experience integrating cloud telemetry into a SIEM, XDR, or modern SOC platform
- Familiarity with hybrid connectivity and cloud network controls; experience with Palo Alto or Prisma is helpful but not required
- Experience with CI/CD security patterns, reusable modules, and secure platform enablement
- Experience securing AI/GenAI services, internal copilots, or agentic workflows in cloud environments
Benefits
- This role is eligible for a bonus that is based on a combination of personal and business performance.
Company Overview
Company H1B Sponsorship