Principal Cloud Security Engineer

WSGR

Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. We represent companies at every stage of development, from entrepreneurial start-ups to multibillion-dollar global corporations, as well as the venture firms, private equity firms, and investment banks that finance and advise them. The firm has approximately 1,100 attorneys in 17 offices: 13 in the U.S., two in China, and two in Europe. Our broad spectrum of practices and entrepreneurial spirit allow exceptional opportunities for professional achievement and career growth.

The Principal Cloud Security Engineer role is responsible for leading the architecture of public, private and hybrid clouds. This role will lead and advise on advanced secure cloud infrastructure supporting business needs and requires deep technical knowledge of cloud computing architecture, security principles and cybersecurity best practices. The position will design secure infrastructure and applications that align with business and cybersecurity strategy to support a fast-paced environment. This engineer will work in a cross-disciplinary role and plan comprehensive, full-stack security architecture and resilient applications to support the needs of the business. You will provide timely, secure and cost-efficient solutions that elevate the company’s cloud security posture and security rigor.

The Principal Cloud Security Engineer is highly technical and proficient in cybersecurity and systems administration across a wide variety of infrastructure (SaaS, IaaS, PaaS). This role continuously refines playbooks, processes, workflows and procedures for operational excellence. Automating, provisioning and managing cloud resources across multiple environments with infrastructure as code (IaC) principles is required. This person will establish business relationships and have strong interpersonal and communication skills, as well as the ability to delegate tasks to junior teammates and guide them. In tandem with security leadership, this cloud security engineer will consistently assess the threat landscape and adapt quickly to protect the firm from risk. You will mentor junior employees to help strengthen the depth of the team. This role will report to security leadership and have strong working relationships with IT and application development leadership.

Key Responsibilities:

  • Architect and articulate a scalable and resilient vision for secure public, private and hybrid clouds.
  • Lead security architecture design with SaaS, PaaS and IaaS.
  • Provide guidance and direction on secure design, build, testing and deployment across cloud infrastructure.
  • Collaborate with security, architecture and engineering leadership to support business objectives.
  • Identify and enforce enterprise standards to support secure, resilient and compliant solutions.
  • Serve as a subject matter expert and escalation point of contact for problem resolution, including incident response.
  • Perform testing and evaluations of security controls and device configuration/security.
  • Secure container platforms and workloads from build through runtime.
  • Design automated security controls, guardrails, and pipelines (IaC scanning, CI/CD integration, deployment-time policy enforcement).
  • Advise on identity and access management best practices: Azure AD, role-based access control, managed identities, conditional access, and least privilege.
  • In coordination with infrastructure peers, define and monitor network segmentation, private connectivity, and secure service-to-service communication patterns.
  • Lead architecture reviews for cloud-native applications and infrastructure.
  • Monitor, detect, and respond to security incidents affecting cloud and container environments; integrate cloud-native logging and SIEM tools.
  • Establish configuration management and hardening standards as applicable.
  • Stay current with cybersecurity threats, AI, risks and vulnerabilities with potential impact to services.
  • Mentor and coach staff on secure development, cloud security patterns, container security, and operational best practices.
  • Evaluate, pilot, and operate cloud security tools and managed services (CNAPP, CSPM, CWPP, vulnerability scanners, WAF, API security).
  • Collaborate on budgeting, procurement, and lifecycle management of cloud security tooling and services.

Education and/or Work Experience Requirements:

  • Bachelor’s degree preferred
  • Eight years minimum experience securing an enterprise environment
  • Hands-on experience securing Azure and AWS environments
  • Experience securing container platforms and orchestration: container image hardening, runtime security, network policies, and service mesh considerations.
  • Experience with cloud-native detection and monitoring: designing logging, alerts, and playbooks; working with SIEMs and SOAR.
  • Knowledge of application and data protection mechanisms: encryption at rest/in transit, key management, secret management patterns.
  • Strong understanding of identity and authentication protocols (OAuth2, OIDC, SAML) and secure API authentication/authorization.
  • Experience with vulnerability management for cloud infrastructure and container images; patch management strategies.
  • Solid scripting/automation skills (PowerShell, Python, Bash) and familiarity with APIs/SDKs for automation.
  • Knowledge and experience in using and managing Unix/Linux.
  • Proven track record conducting security architecture reviews.
  • Exceptional communication skills with the ability to explain technical issues to engineers and non-technical stakeholders.
  • Strategic thinker with a pragmatic, risk-based approach to security decisions.
  • Self-starter who takes ownership and drives initiatives to completion.
  • Comfortable in fast-paced, agile environments and able to balance strategic projects with operational response.

Preferred Qualifications:

  • Experience with CNAPP/CSPM/CWPP tools.
  • Experience with Zero Trust architectures and implementing micro-segmentation.
  • Strong collaborator and influencer; able to build consensus across engineering and product teams.

The primary location for this job posting is in Palo Alto, but other locations may be listed. The actual base pay offered will depend upon a variety of factors, including but not limited to the selected candidate’s qualifications, years of relevant experience, level of education, professional certifications and licenses, and work location. The anticipated pay range for this position is as follows:

Palo Alto, New York, San Francisco: $163,200 - $220,800 per year. Austin, Boston, Boulder, Century City, Delaware, Los Angeles, Salt Lake City, San Diego, Seattle, Washington, D.C., and all other locations: $147,050 - $198,950 per year.

The compensation for this position may include a discretionary year-end merit bonus based on performance. We offer a highly competitive salary and benefits package.

Benefits information can be found here. Equal Opportunity Employer (EOE).

Confirmed 15 hours ago. Posted 18 days ago.
