Cloud Security Engineer, Sr

About This Role

Responsibilities

• Design, implement, and maintain secure landing zones across AWS and Azure, using preventive guardrails to block deployment of security misconfigurations
• Leverage cloud-native security services such as AWS IAM, KMS, Secrets Manager, Service Control Policies, Security Hub, GuardDuty, CloudTrail, Config, WAF, Inspector, and Azure AD, Defender for Cloud, Key Vault, Security Center, Sentinel, Policies
• Develop and enforce cloud security baselines, guardrails, and configuration standards
• Support the creation and refinement of cloud control narratives that assert the security posture of cloud landing zones
• Implement deep observability to unify logs and metrics across multiple services to derive both real-time and historical insights
• Develop, manage, and engage in code review of complex IAM policies that define cross-account access patterns, ensuring adherence to the Principle of Least Privilege
• Implement Just-in-Time access workflows that avoid long-lived credentials
• Support emerging use cases for cloud with bespoke IAM identity and policies that maintain security posture and data privacy
• Utilize enterprise security tools such as Tenable, Qualys, and Snyk to identify, prioritize, and remediate vulnerabilities across cloud workloads
• Track and report security posture improvements and integrate automated scanning into CI/CD pipelines
• Embed security early in the Secure Software Development Lifecycle (SSDLC) and partner with development teams to implement automated security testing
• Integrate SAST, SCA, and IaC scanning tools into CI/CD pipelines
• Write, review, and maintain Terraform configurations for cloud resource deployment
• Implement automated security controls and monitoring via IaC
• Build and maintain secure-by-default Terraform modules that enforce least privilege, encryption, and compliance requirements
• Develop and fine-tune cloud security monitoring using native and third-party tools
• Assist in cloud-focused incident management/response, log analysis, forensics, and root cause investigations
• Develop detective, preventive, and proactive controls to identify, prevent, and remediate security misconfigurations and anomalous activity
• Ensure cloud environments align with frameworks such as NIST, CIS Benchmarks, SOC2, and ISO27001
• Perform continuous compliance checks using AWS Config, Azure Policies, Terraform policies (OPA), and scanning tools
• Support internal and external cloud security audits

Requirements

• 5–7+ years of experience in cloud security engineering or related roles
• Deep practical knowledge of AWS and Azure security services
• Proficiency with HashiCorp Terraform
• Hands-on experience with Tenable, Qualys, Snyk, or similar vulnerability/scanning tools
• Expertise in observability and incident management
• Strong understanding of identity and access management
• Strong understanding of network security and zero trust principles
• Strong understanding of encryption, key management, secrets management
• Strong understanding of data privacy best practices
• Experience implementing security practices in GitOps environments
• Strong communication and documentation abilities
• Collaborative mindset with a focus on partnering with engineering teams
• Ability to manage multiple priorities and drive security initiatives independently
• Develops Talent – Own your development and career
• Promotes Change – Actively seeks information and remains agile
• Strategy in Action – Breaks down larger goals into smaller achievable goals
• Compelling Communication – Effectively shares information and ideas
• Makes Decisions & Solves Problems – Takes ownership with appropriate urgency
• Delights Clients – Passionately serves with excellence
• Leads Inclusively – Seeks diverse relationships and examines own biases
• Personifies ONB Culture – Demonstrates organizational values in daily interactions
• Preferred: AWS Security Specialty certification
• Preferred: Azure Security Engineer Associate certification
• Preferred: CISSP certification
• Preferred: CCSP certification
• Preferred: GIAC Cloud Security certification (GCSA/GCLD)
• Preferred: Experience with Policy-as-code frameworks (OPA/Rego, HashiCorp Sentinel)
• Preferred: Experience with Platform-as-a-Service and serverless services
• Preferred: Strong scripting skills (Python, Bash, PowerShell)

Benefits & Perks

About Old National Bank

Old National Bank is a prominent commercial bank in the Midwest, ranking as the sixth largest in the region with approximately $71 billion in assets. Established in 1834 as Evansville's first bank, it has grown to operate nearly 200 retail branches across Indiana, Michigan, Wisconsin, Minnesota, Kentucky, and Illinois. The bank's headquarters are located in both Chicago and Evansville, Indiana. Old National Bank offers a wide range of financial services, including retail and commercial banking, wealth management, investment services, and loans for local businesses. Its wealth management division, known as 1834, provides customized advisory and investment management services. The bank emphasizes community banking, focusing on building long-term relationships with clients and supporting local economic development.