Cloud Security Engineer

Polymarket Polymarket · Fintech · Remote · Engineering

Polymarket is seeking a Cloud Security Engineer to manage the security of their AWS environment. This role involves designing and implementing security controls in infrastructure code, building scalable guardrails, and reducing risk. Responsibilities include owning AWS security posture, reviewing IaC for security, managing cloud telemetry, developing threat detection logic, governing secrets management, remediating findings, and supporting audits. The ideal candidate has 4+ years of cloud security experience with deep AWS security services expertise, IaC proficiency, and scripting skills.

What you'd actually do

  1. Own and continuously improve Polymarket's AWS security posture across accounts, regions, and services — including IAM policies, SCPs, VPC segmentation, and account-level security baselines
  2. Review and contribute to IaC modules that encode security defaults; integrate automated security checks into the deployment pipeline including policy-as-code validation and misconfiguration scanning
  3. Own cloud-side security telemetry: CloudTrail, GuardDuty, Security Hub, Config Rules, VPC Flow Logs, and S3 access logging
  4. Develop and tune detection logic for cloud-specific threats; partner with the SOC team on alert fidelity, incident response runbooks, and AWS-level investigations
  5. Govern secrets management using AWS Secrets Manager and SSM Parameter Store; manage KMS key policies, rotation, and envelope encryption patterns

Skills

Required

  • 4+ years of experience in cloud security, cloud engineering, or a security-focused infrastructure role
  • Deep, hands-on expertise with AWS security services: IAM, SCP, GuardDuty, Security Hub, CloudTrail, Config, KMS, WAF, Inspector, and VPC
  • Hands-on experience writing infrastructure as code (Pulumi, Terraform, CDK, or equivalent) with a security-first mindset
  • Strong understanding of AWS networking and how misconfigurations translate to real attack surface
  • Proficiency in at least one scripting or programming language (Python, TypeScript, or Go) for automation and tooling
  • Ability to evaluate architectural decisions for security risk and communicate findings clearly to engineering peers

Nice to have

  • Familiarity with Pulumi, specifically TypeScript-based stacks
  • Familiarity with Web3, blockchain infrastructure, or crypto-sector threat models
  • Experience securing containerized workloads on ECS or EKS, including image scanning and runtime security
  • AWS certifications: Security Specialty, Solutions Architect — Professional, or equivalent
  • Exposure to SOC 2 Type II or PCI-DSS cloud control requirements

What the JD emphasized

  • AWS security services
  • infrastructure as code
  • security-first mindset
  • SOC 2
  • PCI-DSS