Cloud Security Engineer

Who You Are:

You are a cloud security specialist with a strong background in AWS environments. You have a deep understanding of AWS security services, cloud architecture, and best practices to protect sensitive data and mitigate risks. You enjoy collaborating with cross-functional teams to ensure security is embedded throughout the cloud lifecycle from design to deployment and monitoring. You are proactive, detail-oriented, and passionate about staying ahead of emerging security threats.

Does this sound like you? If so, keep reading and apply today!

• Design and implement security controls and configurations for AWS services, including EC2, S3, VPC, IAM, EKS, Lambda, RDS, and more.
• Conduct risk assessments, vulnerability scans, and penetration testing on AWS infrastructure to identify and remediate security gaps.
• Develop and enforce IAM policies, roles, and permissions to ensure least-privilege access across AWS environments.
• Configure and manage AWS security tools such as AWS Security Hub, GuardDuty, CloudTrail, AWS Config, and Inspector to monitor and respond to threats.
• Implement encryption mechanisms for data at rest and in transit using AWS KMS (Key Management Service) and other cryptographic tools.
• Collaborate with DevOps teams to integrate security into CI/CD pipelines using tools like AWS CodePipeline and third-party solutions.
• Respond to security incidents, perform root cause analysis, and recommend corrective actions to prevent recurrence.
• Ensure compliance with industry standards and regulations (e.g., SOC 2, ISO27001) within AWS environments.
• Stay up-to-date with emerging cloud security threats, AWS updates, and best practices to proactively enhance security posture.
• Document security processes, architectures, and incident reports for internal and audit purposes.

• 3+ years of experience in cloud security, with at least 2 years focused on AWS environments.
• Strong knowledge of AWS security services (e.g., IAM, GuardDuty, CloudTrail, KMS, WAF) and their practical application.
• Experience with infrastructure-as-code (IaC) tools like Terraform or AWS CloudFormation for secure deployments.
• Familiarity with scripting languages (e.g., Python, Bash) for automation of security tasks.
• Understanding of networking concepts (e.g., VPC, subnets, security groups, NACLs) and their security implications in AWS.
• Proven ability to conduct threat modeling, vulnerability management, and incident response in cloud environments.
• Excellent problem-solving skills and attention to detail.
• Strong communication skills to collaborate with technical and non-technical stakeholders.

• Experience with container security (e.g., Docker, Kubernetes) in AWS ECS or EKS.
• Familiarity with compliance frameworks and audit processes.

• We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates 
• You will have an impact on the design, architecture and implementation of markets that are often called the engine of US economy
• We value drive for excellence, independent thinking, teamwork and curiosity
• You will work with both government backed and industry leading companies to create a digital pipeline that facilitates real time trading of loans
• We have an experienced leadership team that previously built large and impactful platforms 
• Outstanding opportunity for professional growth and upward mobility 
• Direct engagement with the decision makers and senior business leaders 
• Competitive salaries
• 100% paid medical/vision/dental/disability/life insurance 
• Unlimited PTO
• Hybrid environment; 3x weekly in an innovation hub in San Francisco or Dallas

Let's get to know each other.

Polly has pioneered the next generation of mortgage capital markets technology with its cutting-edge, data-driven platform. Its enterprise-grade solutions, including the industry's only cloud-native, commercially scalable product, pricing, and eligibility (PPE) engine and first-of-its-kind Polly/™ AI platform, empower the nation's top banks, credit unions, and mortgage lenders to increase profitability, automate workflows, and revolutionize the loan officer and broker experiences. As a mortgage technology trailblazer, Polly is committed to driving meaningful value and ROI through best-in-class innovation that enables unlimited configurability, flexibility, granularity, and scalability. Polly was founded by a seasoned team of mortgage capital markets and technology experts and is headquartered in San Francisco, California. Recognized as a pioneer in mortgage capital markets, as well as in culture and career development, Polly was named to Forbes' America's Best Startup Employers in 2025. This evaluation was based on three key criteria: Employer Reputation, Employee Satisfaction, and Company Growth.

To learn more, follow Polly on LinkedIn or visit www.polly.io. Polly is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, age, color, national origin, religion, sex, gender identity, sexual orientation, marital status, pregnancy status, disability status, veteran status, or any other legally protected status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Beware of recruitment scams impersonating the Polly brand or our employees. Our team communicates only through official Polly channels, and we will never ask for sensitive information over text or conduct text-only interviews. If you are ever suspicious or in doubt, reach out to us directly at peopleteam@polly.io. We care deeply about this network and your experience.