Search Remote Jobs

Cloud Engineer

Job not on LinkedIn

🕒 4 days ago

🇺🇸 United States – Remote

⏰ Full Time

🟡 Mid-level

🟠 Senior

☁️ Cloud Engineer

🦅 H1B Visa Sponsor

info
Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of LeoLabs

LeoLabs

51 - 200 employees

Founded 2016

🚀 Aerospace

🔧 Hardware

☁️ SaaS

Aerospace • Hardware • SaaS

LeoLabs is a commercial provider of persistent orbital intelligence and space domain awareness services. The company operates a network of ground-based, rapidly deployable radars and a cloud-based, AI-enabled platform to track and catalog objects in low Earth orbit, deliver real-time conjunction alerts, threat assessments, launch support, and space traffic management data for commercial and government customers. LeoLabs combines radar hardware, authoritative datasets, and SaaS analytics to help operators protect assets, avoid collisions, and manage launch and on-orbit operations.

📋 Description

• Design, build, and maintain secure cloud landing zones across AWS and Azure environments. • Implement account and subscription structures that separate workload zones, including commercial workloads, government workloads, Corporate IT, security services, and restricted CUI/ITAR environments. • Build baseline controls for new cloud accounts and subscriptions, including owner tagging, logging, security baselines, routing, encryption, key policies, break-glass review, and monitoring requirements. • Support landing-zone acceptance criteria so new cloud environments are provisioned with required guardrails before workloads are deployed. • Implement federated access patterns using SAML/OIDC, IAM Identity Center, Azure Entra ID, or comparable identity platforms. • Support least-privilege access, role lifecycle management, JIT/PIM/PAM workflows, service account controls, and removal of shared accounts. • Help automate credential rotation, secrets management, service account governance, and break-glass monitoring. • Partner with the Security team to ensure privileged cloud activity is authenticated, authorized, logged, reviewed, and tied to approved workflows. • Implement preventative and detective cloud guardrails using tools such as AWS Organizations, SCPs, AWS Config, Azure Policy, Defender for Cloud, Wiz, Terraform, CloudFormation, Bicep, or similar platforms. • Codify baseline configurations for logging, encryption, network controls, public exposure prevention, security-group rules, storage policies, KMS/key vault use, and workload tagging. • Monitor and remediate drift from approved cloud security baselines. • Support detection and automated response for public admin exposure, cloud policy drift, unapproved data movement, stale credentials, and overly permissive IAM roles. • Partner with the Network team to implement secure cloud network patterns, including hub-and-spoke networking, transit gateways, vWAN, private endpoints, centralized DNS, private admin paths, and controlled egress. • Ensure cloud workloads are not exposed through unnecessary public interfaces. • Support routing and connectivity decisions for radar telemetry and other cloud workload environments. • Implement cloud-side controls for SASE/ZTNA access, private application access, firewall inspection, flow logging, and route governance. • Integrate cloud logs and security signals into centralized SIEM/SOC workflows. • Onboard and maintain telemetry sources such as CloudTrail, AWS Config, VPC Flow Logs, Azure Activity Logs, NSG Flow Logs, Entra ID logs, KMS/Key Vault events, storage access logs, CSPM findings, vulnerability findings, and workload security events. • Partner with the Security team to build detection use cases for exposed cloud services, privileged access anomalies, credential hygiene drift, data boundary violations, and cloud configuration drift. • Support retention tiers, immutable logging, audit trails, alert evidence, and compliance reporting requirements. • Help automate evidence collection customer and governmental regulatory frameworks. • Create reusable artifacts such as policy exports, IaC repositories, drift reports, access reviews, logging configurations, encryption evidence, SIEM cases, and change records. • Support compliance control areas including access control, identification and authentication, audit and accountability, system and communications protection, configuration management, system integrity, and incident response. • Ensure that compliance evidence is generated from the same systems that enforce security controls, reducing manual artifact collection. • Create clear documentation for landing-zone patterns, account vending, guardrails, IAM roles, logging flows, network integration, operational runbooks, and escalation paths. • Participate in architecture decision records, change control, incident response, and modernization planning. • Work with Security, Network, SRE, IT Support, and other Engineering teams to ensure cloud capabilities are operationally supportable. • Help define and execute the cloud modernization backlog across containment, capability buildout, and full modernization phases.

🎯 Requirements

• Must be eligible to obtain and maintain a U.S. personnel security clearance • 5+ years of hands-on cloud engineering experience in AWS, Azure, or hybrid cloud environments. • Strong experience with AWS and/or Azure core services, including IAM, networking, logging, encryption, storage, compute, security monitoring, and account/subscription management. • Experience building or operating cloud landing zones, multi-account AWS environments, Azure management groups, or similar cloud governance structures. • Hands-on experience with infrastructure-as-code tools such as Terraform, CloudFormation, Bicep, CDK, Ansible, or similar. • Experience implementing cloud security controls, including IAM least privilege, logging baselines, encryption, key management, public exposure prevention, security groups, policy enforcement, and configuration monitoring. • Experience integrating cloud logs or findings into SIEM, SOAR, CSPM, or monitoring platforms. • Working knowledge of cloud networking, including VPC/VNet design, routing, private endpoints, security groups, NACLs/NSGs, flow logs, transit gateways, vWAN, VPNs, and egress controls. • Ability to document cloud designs, implementation plans, runbooks, and compliance evidence. • Strong collaboration skills with security, networking, infrastructure, SRE, and operations teams.

🏖️ Benefits

• Global workforce: flexible remote/hybrid opportunities • Work on complex, meaningful missions with real-world impact • Unlimited paid time off for most roles • Competitive salary and equity packages • Comprehensive health, dental, and vision coverage • Access to the forefront of commercial space operations and defense innovation

Apply Now

Similar Jobs

🕒 5 days ago

Availity

1001 - 5000

⚕️ Healthcare Insurance

☁️ SaaS

🔌 API

Cloud Network Engineer III supporting multi-cloud infrastructure as part of a healthcare technology team. Responsible for documentation, development, and maintenance of cloud implementations.

🕒 6 days ago

Vericast

5001 - 10000

💸 Finance

💳 Fintech

☁️ SaaS

Cloud Engineer supporting and operating Microsoft Azure and Microsoft 365 platforms at Vericast. Engineering, administration, and continuous improvement of cloud and identity services.

🕒 6 days ago

Cloud at Work

51 - 200

☁️ SaaS

🏢 Enterprise

Cloud Support Engineer at Net at Work providing advanced remote technical support across multiple client environments. Focusing on swift service restoration and detailed documentation of technical issues.

🕒 6 days ago

Unacast

51 - 200

Senior Cloud Security Engineer focusing on AWS cloud security at Unacast. Responsible for designing and implementing security controls across AWS and company systems.

🕒 July 10

Fortinet

10,000+ employees

🔒 Cybersecurity

☁️ SaaS

🤝 B2B

Cloud Security Developer ensuring secure and scalable cloud access solutions for CASB at Fortinet. Collaborate with teams to optimize SaaS platform architecture and implement CASB features.