Jobs at Redbud Cyber Security Recruiting

View all jobs

Principal Cloud Security Engineer

D.C., Hybrid

Description of Position:

We are seeking an enthusiastic Principal Cloud Security Engineer to help our largest Federal client monitor and secure their rapidly expanding cloud footprint against would-be attackers. The successful candidate will have a passion for and experience with being the foremost Cloud Security expert in a large, enterprise SOC environment and augment the team’s knowledge and skills across the major cloud providers (e.g., AWS, Azure, and Google Cloud) to develop alerting and response procedures for cloud events and perform cloud hunting, monitoring, and incident response.


  • Perform cloud hunting and identify embedded threats effectively and efficiently.

  • Review and analyze cloud logs to bring relevance and context to the data.

  • Lead cloud incident response activities as they occur.

  • Develop a full set of cloud incident response playbooks.

  • Work with stakeholders to ensure full visibility into workloads running in the cloud.

  • Ensure all cloud logs are onboarded to the SIEM tool and the correct events are logged.

  • Develop and implement a full set of monitoring use cases to enable DOJ security tools to immediately and automatically detect cloud threats.

  • Continuously tune security tools for optimization, i.e., maximum blocking with minimal false positives.

  • Devise and implement additional KPIs and metrics that help DOJ monitor the overall health of this function.

  • Ensure and enable DOJ’s participation in threat information sharing initiatives across the USG.

  • Assist the engineering team with the deployment, configuration, and maintenance of cloud-based SOC tools, technologies, applications, and solutions.

  • Perform research and lead proof of concept efforts to determine where additional technologies may be necessary.


  • Active Top Secret Clearance with SCI Eligibility is required

  • Eight (8) years of cyber security experience, with at least six (6) of those years working as a Cloud Security Engineer in an enterprise SOC environment.

  • Able to work normal business hours (core) and occasional/limited on-call hours as requested by the client and/or as required by operational demands (e.g., during major incidents).

  • Willingness to work at the client site in Washington DC at least part of the time is required (hybrid/telework).

  • Demonstrated expertise in performing cyber threat hunting activities in cloud environments (e.g., SaaS, PaaS, IaaS, including O365, SIEM, EDR, and other cloud-based applications) is critically important.

  • Demonstrated experience leading incident response activities when cloud-based tools and systems are involved.

  • Experience across all major cloud providers (AWS, Azure, Google).

  • Bachelor’s degree required OR additional relevant experience.

  • Ability to work as an integral part of a high-performing SOC team is required.

  • Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms.

  • Understanding of recent cybersecurity policies and mandates such as EO 14028, M-21-31, NSM-8, and their impact on SOC activities.

Share This Job

Powered by