Security & Policy Engineer Location: Scottsdale, AZ (Onsite) Summary: Join our security engineering team to design and enforce policy-driven cloud security frameworks. This role ensures FinTech-grade controls, Zero Trust, and compliance automation across our AWS environments. Key Responsibilities: • Define and manage IAM roles/policies, Security Groups, and NACLs • Implement OPA (Open Policy Agent) and Policy-as-Code for multi-cloud/Kubernetes governance • Automate compliance enforcement for PCI-DSS, SOC 2, ISO 27001, and internal audits • Contribute to Zero Trust Architecture, micro-segmentation, and privileged access governance • Collaborate with DevOps and Platform teams to embed security in pipelines (DevSecOps) • Monitor and respond to alerts from GuardDuty, Config, CloudTrail, and external SIEMs Required Skills: • Strong expertise in AWS IAM, cross-account access, Secrets Manager, and Identity Federation • Hands-on experience with OPA, Rego, and tools like Gatekeeper/Kyverno • Knowledge of encryption mechanisms (KMS, CMK), secure key rotation, and access audits • Experience in continuous compliance checks, audit readiness, and GRC platforms • Background in incident response, threat modeling, and cloud-native security tools • Experience protecting PII, financial transaction data, and meeting security SLAs • Understanding of token-based access, SSO integration, and access boundary controls • Advanced degrees and certifications such as CISSP, AWS Certified Security – Specialty, or similar are a plus