G2G Hiring! Full Time AWS Cloud Security Engineer in Federal Territory - Ricebowl

ABOUT THE ROLE

We are looking for an AWS Cloud Security Engineer who is passionate about designing and operating highly secure cloud environments on AWS. You will be the primary custodian of G2G’s cloud security posture — hardening IAM, network and application layers, driving compliance, and leading incident response across G2G, Pipwave and OffGamers platforms.

This role is focused on cloud security excellence. You will work closely with DevOps, software engineers and product teams to embed security controls, respond to threats and maintain our compliance posture under the Hydron cybersecurity programme.

KEY RESPONSIBILITIES

AWS Security Operations

• Implement and operate AWS-native security services: IAM (least-privilege, SCPs), GuardDuty, Security Hub, WAF, Shield, Macie, Inspector, KMS, Secrets Manager and Config.

• Own IAM governance — design and enforce least-privilege policies, service control policies (SCPs) and permission boundaries across accounts.

• Manage KMS key lifecycle, secrets rotation in Secrets Manager and encryption standards for data at rest and in transit.

• Monitor and tune GuardDuty, Security Hub findings and CloudTrail logs to surface actionable threats.

Cloud Security Architecture & Hardening

• Design and enforce secure network architecture: VPC segmentation, security groups, NACLs, private subnets and traffic inspection.

• Harden serverless workloads (Lambda, API Gateway) and container workloads (ECS/EKS) against known attack patterns.

• Define and maintain security baselines and configuration standards across EC2, S3, RDS/Aurora,

CloudFront and SQS/SNS.

• Conduct and support security architecture reviews for new features and infrastructure changes.

DevSecOps & Vulnerability Management

• Embed security controls into CI/CD pipelines: SAST, DAST, SCA, container/image scanning (Trivy, ECR), IaC scanning (Checkov, tfsec) and secrets detection.

• Manage vulnerability remediation SLAs and patching cadence across all environments.

• Review and advise on IaC (Terraform, CloudFormation) from a security perspective; flag and remediate misconfigurations.

Incident Response & Threat Management

• Lead triage of security alerts, perform root-cause analysis and drive remediation to closure.

• Develop, maintain and exercise incident response playbooks and contribute to tabletop exercises.

• Investigate CloudTrail, VPC Flow Logs and GuardDuty findings to detect and contain threats.

• Act as the escalation point for production security incidents across all platforms.

Compliance & Risk Management

• Drive and maintain compliance posture for PCI-DSS, ISO 27001 and applicable data protection regulations across G2G, Pipwave and OffGamers.

• Manage evidence collection, control mapping and audit support for internal and external assessments.

• Maintain AWS Config rules, Security Hub standards and continuous compliance monitoring.

• Produce regular security posture reports and risk dashboards for stakeholders.

REQUIREMENTS

• Minimum 2–3 years hands-on AWS cloud security in production environments.
• Solid working knowledge of Linux/Unix server administration (log analysis, permissions, hardening).
• Hands-on with IAM, GuardDuty, Security Hub, WAF, KMS, Secrets Manager, Config and Macie.
• VPC design, security groups, NACLs, private networking and traffic segmentation.
• Python or Bash for security automation, alerting scripts and remediation workflows.
• Ability to triage security alerts, investigate findings and drive root-cause analysis.
• Working knowledge of PCI-DSS and/or ISO 27001 control requirements.
• Clear written and verbal communication; able to convey security risk to non-technical stakeholders.