Cloud Security Jobs (NOW HIRING)

Job Summary:
IDEXX is seeking a Cloud Security Architect to lead their multi-cloud security architecture across AWS, Azure, and GCP environments. This role involves architecting and implementing cloud security posture management solutions while partnering with engineering teams to embed security controls into cloud deployment pipelines.
Responsibilities:
• Architect, implement, and continuously improve cloud security posture management across AWS, Azure, and GCP environments supporting IDEXX products and applications
• Lead the migration from AquaSec to CrowdStrike Falcon CSPM, ensuring continuity of visibility and compliance enforcement
• Establish and maintain compliance with CIS Benchmarks Level 1 standards across all cloud platforms
• Design monitoring and alerting strategies that surface actionable security gaps to both security and engineering teams
• Implement automated security scanning and policy enforcement for Terraform, CloudFormation, and other IaC frameworks
• Integrate tools like CrowdStrike Falcon, Checkov and Trivy into CI/CD pipelines to prevent misconfigurations before deployment
• Develop policy-as-code frameworks that codify security requirements and enable self-service compliance
• Embed security controls directly into cloud deployment pipelines using native platform capabilities and third-party tooling
• Partner with DevOps teams to build secure-by-default infrastructure templates and golden paths
• Conduct architecture reviews for new cloud services and deployment patterns
• Translate complex security requirements into practical, actionable guidance for engineering teams
• Conduct cloud security assessments, threat modeling, and architecture reviews for critical workloads
• Identify and prioritize security risks based on business impact, exploitability, and compensating controls
• Work with product teams to implement mitigations that balance security effectiveness with operational feasibility
• Manage and optimize cloud-native security tooling including CSPM, CNAPP, and secret scanning solutions
• Build automation to reduce manual security work and improve consistency of controls
• Establish metrics and reporting that demonstrate security posture improvement and compliance trends
Qualifications:
Required:
• 7-10+ years of experience in information security with at least 5 years focused on cloud security architecture
• Hands-on experience implementing and operating CSPM solutions in multi-cloud environments
• Deep hands-on experience architecting security controls in AWS, Azure, and GCP production environments
• Demonstrated proficiency with CSPM tools (CrowdStrike Falcon, Wiz, Prisma Cloud, or similar platforms)
• Strong knowledge of CIS Benchmarks, cloud security frameworks (CSA CCM, NIST), and compliance standards (SOC 2, GDPR, HIPAA)
• Expertise in Infrastructure-as-Code security scanning and policy enforcement (Checkov, Trivy, Terraform Sentinel, OPA)
• Experience integrating security controls into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Azure DevOps)
• Solid understanding of container security, Kubernetes security, and serverless security patterns
• Proficiency with scripting and automation (Python, Bash, PowerShell)
• Proven track record architecting security controls for large-scale cloud deployments
• Experience with CIS Benchmarks implementation and compliance enforcement
• Strong understanding of cloud-native architecture patterns and security implications
• Bachelor's degree in Computer Science, Information Security, or equivalent practical experience
• Proven ability to design security architectures that scale across large, complex cloud environments
• Track record of successfully partnering with DevOps and engineering teams to implement security without blocking delivery
• Experience driving security tool migrations and consolidations with minimal disruption
• Strong analytical skills to assess risk, prioritize work, and make pragmatic security decisions
• Ability to translate technical security concepts into language that resonates with both technical and business stakeholders
• Excellent written and verbal communication skills; able to produce concise architecture documentation and executive summaries
• Demonstrated ability to influence engineering teams through technical credibility rather than authority
• Comfortable presenting security recommendations to senior technical leadership and defending design decisions
• Self-directed and outcome-focused; able to identify problems, propose solutions, and drive them to completion with minimal supervision
Preferred:
• Relevant cloud security certifications (AWS Certified Security - Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, CCSP)
• Experience with CrowdStrike Falcon CSPM or other leading CSPM/CNAPP platforms
• Background in DevSecOps, SRE, or cloud platform engineering
• Familiarity with OWASP SAMM or similar security maturity frameworks
• Prior experience in regulated industries (healthcare, financial services) with SOC 2, HIPAA, or PCI-DSS compliance requirements
• Contributions to open-source security tools or cloud security communities
Company:
10,000+ people, one global focus - enhancing the health and well-being of pets, people, and livestock We are passionate about what we do at IDEXX – and why wouldn’t we be? When you’re working to raise the standard of care for pets, make drinking water safe for billions and keep our livestock population around the globe healthy and free of disease, it’s no wonder that what we do each day is more than just a job. Founded in 1983, the company is headquartered in Westbrook, USA, with a team of 10001+ employees. The company is currently Late Stage.