Cloud Cybersecurity Engineer

About CompoSecure

Founded in 2000, CompoSecure (Nasdaq : CMPO) is a technology partner to market leaders, fintechs and consumers enabling trust for millions of people around the globe.

The company combines elegance, simplicity, and security to deliver exceptional experiences and peace of mind in the physical and digital world.

CompoSecure's innovative payment card technology and metal cards with Arculus security and authentication capabilities deliver unique, premium branded experiences, enable people to access and use their financial and digital assets, and ensure trust at the point of a transaction.

For more information, please visit and .

About the role :

Our core mission is to ensure the highest levels of security and innovation in our products. We are seeking a highly skilled Cloud Cybersecurity Engineer with a passion for securing cloud environments.

Experience with crypto environments is preferred to join our dynamic team.

As a Cloud Cybersecurity Engineer, you will play a critical role in securing our AWS and Azure environments. You will adopt a pragmatic approach to security, staying informed about trending attacks and sophisticated threats in the cloud.

This role emphasizes hardening our cloud infrastructure, collaborating with the Cyber Security Operations team and Managed Detection and Response (MDR) providers to detect and mitigate potential threats.

We are looking for someone who thinks like an attacker, understands how initial access is gained and post-exploitation activities are conducted, and is abreast of the latest trends in cloud attacks, including nation-state APTs, novel attacks, and well-known exploits.

The Cloud Cybersecurity Engineer is primarily remote and can work anywhere within the United States, but will require quarterly visits to our office in Somerset, NJ.

Key Responsibilities :

• Security Posture Enhancement : Continuously assess and improve the security posture of our AWS and Azure environments by remediating vulnerabilities and dangerous misconfigurations.
• Familiarity with the following AWS Services : Identity and Access Management (IAM), Simple Storage Service (S3), Relational Database Service (RDS), CloudTrail, CloudWatch, Virtual Private Cloud (VPC), Lambda, Elastic Load Balancing (ELB), Security Groups, GuardDuty, Config, Inspector, Secrets Manager, Web Application Firewall (WAF), Virtual Private Network (VPN), Direct Connect, Elastic File System (EFS), Athena, Redshift, Data Pipeline, CloudFront, DynamoDB, Certificate Manager, Elastic Kubernetes Service (EKS).
• Familiarity with the following Azure Services : EntraID, Blob Storage, SQL Database, Activity Log, Monitor, Virtual Network (VNet), Key Vault, Functions, Application Gateway, Network Security Groups (NSG), Security Center, Policy, Sentinel, Managed Identity, Azure Synapse Analytics, Azure Data Factory, Azure SQL Data Warehouse, Power BI Service, Web Application Firewall (WAF), ExpressRoute, Load Balancer, Azure Firewall, Log Analytics, Cosmos DB, SQL Managed Instance, Data Lake Storage, Azure Bastion, Azure Purview.
• Policy Enforcement : Implement security policies, controls, and guardrails to ensure compliance with industry standards and best practices.
• Incident Management : Lead incident response efforts for cloud-related security events, acting as incident commander when necessary, to swiftly contain and remediate security incidents.
• Threat Analysis : Stay current on the latest trends in cloud attacks, including tactics, techniques, and procedures (TTPs) used by advanced persistent threats (APTs) and other sophisticated adversaries.
• Compliance Assurance : Ensure our cloud environments meet SOC2 and ISO 27001 compliance standards through rigorous security practices and regular audits.
• Collaborative Defense : Work closely with the Cyber Security Operations team and MDR providers to develop and implement detection mechanisms for identifying and mitigating potential threats.

Desired Experience :

• Technical Expertise : Minimum of 2 years of experience working in AWS and Azure, with a strong understanding of cloud security architectures and best practices.
• Cybersecurity Experience : At least 5 years of experience in cybersecurity or compliance, with a focus on cloud environments.
• Certifications : AWS or Azure security certifications are preferred but not required. Operational experience and a proven track record in securing cloud environments are highly valued.
• Web Application Security : Familiarity with Web or Crypto applications and experience securing and pen testing them is preferred.

Soft Skills and Traits :

• Analytical Thinking : Ability to think like an attacker, anticipate potential attack vectors, and develop effective countermeasures.
• Communication : Strong communication skills to effectively collaborate with team members, stakeholders, and external partners.
• Problem-Solving : Excellent problem-solving skills to address complex security challenges and develop innovative solutions.
• Attention to Detail : Detail-oriented with a focus on accuracy and thoroughness in security practices and documentation.
• Proactivity : Proactive and self-motivated with the ability to work independently and take ownership of security initiatives.
• Organizational Skills : Strong organizational skills to manage multiple projects and priorities, ensuring timely and effective execution.
• Composure Under Pressure : Ability to remain calm and decisive under pressure, particularly during security incidents.

Company Culture : We value innovation, security, and collaboration. Our team is dedicated to maintaining a secure environment and staying ahead of emerging threats.

We foster a supportive and dynamic work culture where employees can thrive and contribute to our mission.

CompoSecure is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, or national origin.

We are also an equal opportunity employer of individuals with disabilities and protected veterans.