Introduction
We aim to build one of the strongest Engineering capabilities within Africa. Our Engineers are key to help us achieve this.
cloudandthings.io is a software engineering company specialising in Cloud, Software, Data, and AI. Our aim is to enable great engineers and organisations to do more, by building world-class cloud platforms, innovative software, and data environments that deliver true business value. We take great pride in our culture, that values creativity, teamwork, and ongoing learning.
We're on the lookout for a skilled and passionate Senior AWS Security Engineer to lead and grow as part of our expanding team.
Duties & Responsibilities
As a Senior AWS Security Engineer, you will lead a team of engineers while working in a consultative, project-based manner with our clients. You will be the trusted security advisor on engagements, owning the technical direction, guiding delivery, and ensuring your team produces high-quality, secure, and well-engineered outcomes.
The ideal candidate is a strong engineer first: someone who writes production-quality code and IaC, and who brings deep AWS security expertise to every client engagement. Specific tool experience matters less than the ability to learn fast, think critically, and build well.
- Lead a team of security and cloud engineers across client engagements, providing technical direction, mentorship, and hands-on support.
- Own client relationships through the full project lifecycle, from discovery and scoping through to delivery and handover, acting as the primary technical point of contact.
- Collaborate with clients to understand their security requirements, risk appetite, and compliance obligations, translating these into actionable security roadmaps.
- Design and implement cloud security architectures on AWS, covering identity, network, data protection, and workload security.
- Lead threat modelling exercises and security design reviews for cloud-native applications and infrastructure.
- Define and enforce IAM strategies, including least-privilege access, permission boundaries, SCPs, and role federation patterns.
- Implement detective and preventive security controls using services such as AWS Security Hub, GuardDuty, Config, CloudTrail, Macie, and Inspector.
- Build and maintain security-focused infrastructure as code (IaC) using Terraform, AWS CDK, or CloudFormation, writing code that serves as the standard for your team.
- Develop and integrate automated security checks into CI/CD pipelines (SAST, secret scanning, container image scanning, policy-as-code).
- Conduct cloud security assessments and translate findings into prioritised, business-aligned remediation roadmaps.
- Ensure client environments meet relevant compliance standards (e.g. PCI-DSS, ISO 27001, SOC 2, POPIA, NIST CSF).
- Respond to and lead investigation of cloud security incidents, performing root-cause analysis and post-incident review.
- Foster a culture of security-by-design across both internal teams and client organisations.
- Stay current with the evolving AWS security landscape, emerging threats, and industry best practices.
Desired Experience & Qualification
Requirements
- Bachelor's degree in Computer Science, Engineering, Information Security, or a related field (hands-on experience and skills are valued equally).
- 5+ years of experience in cloud or information security, with at least 3 years focused on AWS.
- Demonstrated experience leading or mentoring a team of engineers in a delivery or consulting context.
- Strong coding and scripting skills — Python preferred — with the ability to build tooling, automation, and security integrations from scratch.
- Strong proficiency in infrastructure as code (IaC): Terraform, AWS CDK, or CloudFormation. The ability to write clean, reusable, well-structured IaC is a core expectation of this role.
- Deep expertise in AWS security services: IAM, KMS, Secrets Manager, Security Hub, GuardDuty, CloudTrail, Config, WAF, Shield, Network Firewall, and VPC security controls.
- Strong understanding of AWS networking security: VPC design, PrivateLink, Transit Gateway, NACLs, Security Groups, and DNS security.
- Experience with multi-account AWS environments, AWS Organizations, SCPs, and landing zone governance — this is a core part of how our clients operate.
- Experience implementing policy-as-code tooling (e.g. Open Policy Agent, AWS Config Rules, CloudFormation Guard, Checkov).
- Solid knowledge of containerisation security (Docker, Kubernetes/EKS) and serverless security patterns.
- Familiarity with cloud security frameworks and compliance standards: CIS AWS Foundations Benchmark, NIST CSF, PCI-DSS, SOC 2, ISO 27001.
- Experience with security incident detection and response in cloud environments.
- Excellent communication and analytical skills, with the ability to manage client engagements, present to executive stakeholders, and lead technical workshops.
- Comfortable working in a project-based, consultancy-style environment with multiple concurrent clients and shifting priorities.
- Experience working in Agile or Scrum delivery environments.
Nice to Have
- Experience with Cloud Security Posture Management (CSPM) tooling, e.g. Wiz, Orca, Prisma Cloud, or AWS Security Hub at scale — including policy configuration, finding triage, and integration with engineering workflows.
- Experience building custom CSPM integrations or extending posture checks via APIs or IaC.
- Exposure to SIEM tooling (Splunk, Elastic, or similar) in cloud-integrated environments.
- Familiarity with endpoint detection and response (EDR) or XDR platforms such as CrowdStrike Falcon.
- Offensive security background or penetration testing experience.
Certifications (advantageous, not required)
- AWS Certified Security – Specialty
- AWS Certified Solutions Architect – Associate or Professional
- AWS Certified DevOps Engineer – Professional
- Certified Cloud Security Professional (CCSP)
- Certified Information Systems Security Professional (CISSP)
- Offensive Security Certified Professional (OSCP)
- HashiCorp Terraform Associate
- CKS (Certified Kubernetes Security Specialist)
Package & Remuneration
- A culture of engineering and an environment where ideas are heard and builders can build.
- Competitive salary, bonus, and incentive structure.
- A flexible and supportive work environment that values diversity, work-life balance, and personal growth.
- Opportunities for career advancement and ongoing professional development.
- The chance to work on cutting-edge products and technologies that make a real impact on people's lives.
- Mentoring and knowledge-sharing opportunities that foster personal and professional growth, with access to experienced leaders and a supportive peer network.