Cloud Security Lead

Description:

We’re a team of hungry, high-character professionals from all backgrounds who came together to reinvent work for the modern enterprise. And we’re always looking for world-class human beings (not resumes) to join the movement.

Island, the Enterprise Browser is the ideal enterprise workplace where work flows freely while remaining fundamentally secure. With the core needs of the enterprise naturally embedded in the browser itself, Island gives organizations complete control, visibility, and governance over the last mile, while delivering the same smooth Chromium-based browser experience users expect. What we’re building now - it’s not another solution. It’s a whole new chapter for enterprise work.

As a Cloud Security Lead (Cloud Security Architecture & Hardening) at Island, you will design, implement, and enhance the security of our mission-critical cloud infrastructure and the Island Enterprise Browser by establishing robust security architectures, implementing proactive hardening controls, and driving continuous operational excellence. You will play a critical role in safeguarding our cloud environment, shaping the foundational security posture through precision, innovation, and design foresight.

Key Responsibilities

• Cloud Security Architecture & Hardening: Design and enforce security baselines, configurations, and reference architectures across our multi-cloud footprint (AWS/GCP/Azure). Evaluate new cloud services and features for security implications and create hardened deployment standards for IaaS, PaaS, and serverless components.
• Security Engineering & Automation: Develop and deploy security-as-code solutions, integrating security controls directly into CI/CD pipelines and leveraging Infrastructure-as-Code (IaC) tools to ensure continuous configuration integrity and compliance. Develop custom automation for detection, alerting, and triage workflows, leveraging cloud SDKs and APIs.
• Cloud Security Monitoring & Observability: Design, implement, and maintain cloud-native security monitoring solutions (e.g., utilizing services like CloudTrail, GuardDuty, Security Command Center) to ensure comprehensive visibility across the cloud control plane and data plane.
• Incident Triage & Response: Support the security team in investigating and responding to critical security events and vulnerabilities, creating runbooks, and contributing to post-incident remediation and architectural improvements.
• Security Enablement & Awareness: Collaborate with product, engineering, and IT teams to improve security awareness, deliver training, and drive adoption of security best practices across Island, specifically for IaaS, PaaS, and secure DevOps practices.

• Deep expertise in designing, implementing, and reviewing secure cloud architectures, including network segmentation, policy enforcement, and infrastructure hardening.
• Expert knowledge of cloud security principles and secure DevSecOps practices, including experience securing Kubernetes/containerized workloads, managing cloud identity (IAM), and establishing security baselines.
• Proficiency in scripting and automation (e.g., Python, Bash, PowerShell) to build scalable security tooling, including extensive experience with Infrastructure-as-Code (IaC) security and policy-as-code tools.
• Strong understanding of detection engineering, security operations workflows, and vulnerability management, with a specific focus on protecting cloud infrastructure and services.
• Hands-on experience (3+ years) with Cloud Security Posture Management (CSPM) tools, cloud security monitoring solutions, and security information/event management (SIEM).
• Solid grasp of modern attack techniques, threat actor behaviors, and vulnerability exploitation patterns in cloud environments (e.g., misconfigurations, cloud identity compromises).
• Curiosity-driven, operations-focused mindset with a passion for keeping adversaries out and operations resilient.
• Experience in building or running purple teaming activities is a strong plus, particularly penetration testing of cloud infrastructure and identifying design flaws.