Senior Cloud Security Engineer
Senior Cloud Security Engineer role at Pax8 in the USA — help define, assess, and secure the cloud platforms powering the world's leading managed intelligence marketplace.
🚀 Why this role matters
This is a high-impact opportunity to shape the security posture of Pax8's cloud and platform ecosystem.
Unlike many security engineering roles that focus primarily on application code, this position sits at the intersection of cloud security analysis, platform security architecture, and engineering influence. You'll evaluate how our platform is built today, identify security gaps and architectural weaknesses, and help define the standards, guardrails, and patterns that engineering teams will use going forward.
You'll operate at the intersection of security, DevOps, SRE, platform engineering, and emerging AI technologies—helping protect a rapidly growing global marketplace while influencing how secure cloud platforms are designed and operated at scale.
🌍 Life at Pax8
Pax8 is redefining how cloud technology is bought, sold, and secured. We're proud of our inclusive, high-energy culture where curiosity, collaboration, and innovation thrive.
As we continue our AI journey, new starters join at a moment of meaningful transformation—learning, experimenting, and building alongside cutting-edge technology that shapes the future of our platform and the broader technology channel.
This is an opportunity to help establish what "good" looks like for platform security while working alongside talented engineers building modern cloud-native systems.
🛠️ What you'll do
🔍 Assess and Improve Platform Security
- Review AWS, Kubernetes, CI/CD, and SaaS environments to identify security gaps, misconfigurations, and architectural weaknesses.
- Perform threat modeling, security architecture reviews, and cloud security assessments to identify attack paths, trust boundaries, and opportunities to reduce blast radius.
- Assess platform infrastructure against established security baselines and drive remediation efforts or formal risk acceptance.
- Validate that security controls are operating as intended across cloud, identity, network, and platform layers.
🧱 Define Security Standards and Architecture
- Establish and evolve cloud and platform security hardening standards across AWS, Kubernetes, CI/CD, and SaaS platforms.
- Translate infrastructure architecture into clear, actionable security expectations—and validate they work in practice.
- Develop reference architectures, decision records (ADRs), and security design guidance that engineering teams can operationalize.
- Define and maintain secure patterns, guardrails, and baseline configurations for cloud-native delivery.
🔑 Secure Identity and Access
- Define and enforce least-privilege access models across AWS and Kubernetes environments.
- Review and improve IAM policies, RBAC models, identity federation, service identities, and cross-account trust boundaries.
- Partner with engineering teams to reduce unnecessary privilege and strengthen access controls without impacting delivery velocity.
⚙️ Secure CI/CD and Platform Delivery
- Assess and improve CI/CD security controls including federated identity, GitHub Actions security, secrets management, deployment protections, and pipeline trust boundaries.
- Review Infrastructure-as-Code patterns and recommend secure-by-default approaches.
- Help engineering teams build secure delivery workflows that scale.
🌐 Strengthen Infrastructure and Network Security
- Validate network security controls, segmentation boundaries, ingress controls, and cloud networking architecture.
- Assess Kubernetes security controls including RBAC, service accounts, workload identities, and network policies.
- Ensure security controls are aligned to platform risk and business impact.
📊 Measure and Communicate Security Posture
- Maintain platform security posture visibility through metrics, reporting, and security tracking mechanisms.
- Track remediation progress and communicate risk in terms of business impact, exposure reduction, and blast radius.
- Help leadership understand where security investments are reducing risk and enabling secure growth.
🤝 Partner and Influence
- Partner closely with DevOps, SRE, and Engineering teams as a trusted advisor and platform security authority.
- Influence technical decisions through expertise, collaboration, and practical recommendations rather than direct authority.
- Help teams understand not just what needs to change—but why it matters and what good looks like.
🎯 Your impact
Your work directly reduces risk, limits blast radius, and enables Pax8 engineers to move fast with confidence.
You'll help answer critical questions such as:
- Are our cloud environments configured securely?
- Are identity boundaries and permissions appropriately scoped?
- Are our CI/CD systems operating with the right security controls?
- What platform risks should we address first?
- What should "good" look like across our infrastructure estate?
Your influence will shape platform design decisions that protect partners, customers, and the marketplace at global scale.
✅ What you bring
Required Experience
- 7+ years of experience in Cloud Security, Infrastructure Security, Platform Security, Security Architecture, DevSecOps, or related disciplines.
- Experience assessing cloud environments and identifying security weaknesses, misconfigurations, or architectural risks.
- Extensive hands-on AWS expertise across IAM, VPC, EKS, KMS, Secrets Manager, CloudTrail, S3, logging, networking, and access controls.
- Proven Kubernetes security experience including RBAC, service accounts, workload identities, network policies, and workload isolation.
- Experience securing CI/CD pipelines and cloud-native delivery workflows.
- Strong understanding of threat modeling and risk-based security assessments.
- Experience writing or maintaining security standards, hardening baselines, reference architectures, or security design guidance.
- Strong Infrastructure-as-Code fluency, particularly Terraform, with the ability to read and review Helm charts.
- Experience partnering with DevOps, SRE, Platform Engineering, or Infrastructure teams.
- Ability to operate independently and influence outcomes without formal authority.
Preferred Experience
- Experience within large SaaS, technology, fintech, cloud-native, or highly regulated organizations.
- Experience with GitHub Actions, OIDC federation, secrets management, and deployment protection controls.
- Experience operating CNAPP, CSPM, or cloud security posture management platforms beyond dashboard review.
- Experience producing ADRs, security design documents, or architecture standards that engineering teams actively use.
- Familiarity with AI platform security, agentic workloads, and AI-enabled development practices.
- Relevant certifications such as AWS Security Specialty, CCSP, CISSP, CKS, or equivalent.
⭐ What success looks like
You may be a great fit if you've previously:
- Assessed cloud and platform environments and identified meaningful security improvements.
- Defined security standards, hardening baselines, or architecture patterns that engineering teams adopted.
- Helped DevOps or SRE teams improve platform security without directly managing them.
- Used threat modeling to turn security findings into practical remediation roadmaps.
- Built trusted partnerships with engineers by balancing security requirements with delivery velocity.
- Worked in environments where you learned what "good" security looks like at scale.
🎯 Backgrounds that often succeed in this role
- Platform Security Engineer
- Cloud Security Engineer
- Infrastructure Security Engineer
- Cloud Security Architect
- Platform Security Architect
- DevSecOps Engineer
- Product Security Engineer (Infrastructure Focus)
- Security Architect (Cloud or Platform)
- Site Reliability Engineer (Security-Focused)
🔐 Trust and how we hire
At Pax8, we care deeply about building genuine, trust-based relationships—starting with how we hire.
To protect our business, our teams, and our customers, we use a range of measures throughout the recruitment process to help confirm authenticity and prevent fraud. These safeguards are designed to be fair, respectful, and proportionate, and may evolve as risks change.
We also use thoughtfully applied AI-enabled tools to support our hiring process. These tools may assist with tasks such as reviewing or prioritizing applications, but hiring decisions are made by our people.
If you're applying as your authentic self, you have nothing to worry about—we're excited to meet you.
🌈 Inclusion at Pax8
We encourage you to apply even if you don't meet 100% of the qualifications.
We're committed to building diverse teams, welcoming unique perspectives, and helping talented people grow. Transferrable skills, curiosity, and a passion for learning matter here.
To fulfill this role, you must have the legal right to work in the United States.
💰 Your benefits
- Competitive salary and annual performance bonus
- Stock options
- Comprehensive medical, dental, and vision insurance
- 401(k) retirement plan with company contribution
- Generous paid time off and company holidays
- Dedicated learning time with LinkedIn Learning access
- Wellbeing initiatives and employee assistance programs
Salary Range: $115,000-$150,000 per year
Application Deadline- July 10th, 2026
📈 Your growth
🌟 About Pax8
🛡️ Background checks
⚖️ Equal opportunities
At Pax8, we care deeply about building genuine, trust‑based relationships — starting with how we hire.
To protect our business, our teams, and our customers, we use a range of measures throughout the recruitment process to help confirm authenticity and prevent fraud. These safeguards are designed to be fair, respectful, and proportionate, and may evolve as risks change.
By applying, you acknowledge that we take steps to verify identity and representation during hiring. If you’re applying as your authentic self, you have nothing to worry about — we’re excited to meet you.
Perks:
Why Join Pax8?
Because here, success isn't just about numbers—it’s about impact.
It’s about being part of a team that thinks bigger, empowers each other, and never loses sight of why we do what we do: to make the cloud easier, more accessible, and more meaningful.
At Pax8 we believe that your Total Rewards should include a benefits package that shows how much we value our greatest assets. All FTE Pax8 people enjoy the following benefits:
Non-Commissioned Bonus Plans or Variable Commission
401(k) plan with employer match
Medical, Dental & Vision Insurance
Employee Assistance Program
Employer Paid Short & Long Term Disability, Life and AD&D Insurance
Flexible, Open Vacation
Paid Sick Time Off
Extended Leave for Life events
RTD Eco Pass (For local Colorado Employees)
Career Development Programs
Stock Option Eligibility
Employee-led Resource Groups
Please take a moment to review our Proprietary Rights and Non-Competition Agreement — this document outlines important information about your rights and responsibilities if you join our team.
Pax8 is an EEOC Employer.
Equal Opportunities
Pax8 is an equal opportunities employer and welcome individuals who are in possession of the appropriate requirements to work within the country the role is based in. Offered individuals will be asked to undertake identity, security compliance and reference checks. Your privacy is important to us. Your data will be held in accordance with Data Privacy best practices and processed only in accordance with our recruiting processes.