TELECOMMUTE Principal AWS Security Engineer -- Direct Client
ABF, LLC
Chicago, United States of America
yesterday
Role details
Contract type
Temporary contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
SeniorJob location
Remote
Chicago, United States of America
Tech stack
Java
Artificial Intelligence
Amazon Web Services (AWS)
C Sharp (Programming Language)
Cloud Computing Security
Continuous Integration
Python
Reliability Engineering
Security Information and Event Management
Software Engineering
Systems Integration
TypeScript
Policy as Code
Data Logging
Production Code
Terraform
Serverless Computing
Go
Requirements
- 10+ years across software engineering, platform engineering, SRE, or cloud security, with substantial hands-on AWS work in multi-account environments.
- Production-quality code in at least one of Go, Python, TypeScript, C#, or Java. You think about security problems as software problems.
- Deep Terraform: reusable modules, tested patterns, and an opinion about how IaC should be structured at scale.
- Hands-on experience with policy-as-code, preventive guardrails, and securing EKS and serverless workloads.
- Experience building detective and preventive controls for cloud control planes and logging integrity.
- Comfort working through pull requests and design reviews with engineering teams, not only with security teams.
Nice to have
- SIEM/XDR integration experience; familiarity with Palo Alto or Prisma.
- CI/CD security patterns and developer-enablement work.
- Securing AI/GenAI services, internal copilots, or agentic workflows in cloud environments.
Benefits & conditions
- Design AWS multi-account, organization, and guardrail patterns that make the secure path the easy one.
- Build and own a library of Terraform modules and policy-as-code that engineering teams adopt across the company.
- Implement preventive controls, including SCPs, deployment-time policy validation, and drift detection, for high-risk cloud actions, in the code paths where work already happens.
- Build logging integrity and tamper resistance into CloudTrail, telemetry pipelines, and core monitoring; define what good cloud telemetry looks like for downstream detection.
- Partner with Platform and Architecture on identity, networking, EKS, and serverless patterns. Work with Security Operations to turn cloud signals into useful detections.
- Make architecture decisions visible through design docs, pull requests, and reference implementations others can read and copy.