Cloud Security Engineer

Job Description:

Cloud Security Engineer

The Security team at WorkOS is responsible for protecting our infrastructure, data, and systems at scale. As a Cloud Security Engineer, you’ll focus on the security of our cloud environments and infrastructure—making sure that everything from IAM policies to network boundaries is configured with least privilege and built to withstand real-world threats.

This is a hands-on role that blends security engineering with deep infrastructure context. You’ll partner with Infra and SRE teams to improve visibility, tighten controls, and embed security into the core of our cloud-native architecture.

What you'll be doing

• Design and implement security controls across our AWS environments and Kubernetes infrastructure
• Identify and resolve misconfigurations, over-permissive access, and vulnerable patterns in cloud resources
• Improve tooling and automation for IAM, secrets management, and resource provisioning
• Partner with Infrastructure and SRE teams to embed security into infrastructure design and CI/CD workflows
• Define and monitor for cloud security signals—unusual access, configuration drift, privilege escalation paths
• Contribute to our threat modeling, risk assessments, and security incident response
• Help with audit and compliance readiness (SOC 2, ISO 27001), focusing on scalable enforcement rather than checklists
• Document systems and build internal security knowledge and shared context

Requirements

• Experience securing cloud infrastructure (we use AWS) in a production environment
• Familiarity with IAM, networking, Kubernetes, and infrastructure as code (Terraform preferred)
• Understanding of cloud attack techniques and how to mitigate them
• Comfort working independently and collaboratively in a high-autonomy environment

Nice to have

• Experience building internal security tooling or automation
• Familiarity with compliance frameworks (SOC 2, ISO 27001)