CNAPP Security Engineer (Remote) - Mid-Atlantic region

OverviewCNAPP Security Engineer (Remote) - Mid-Atlantic region. Remote position, preferred candidates in VA, MD, PA, NC, DE, NJ, or DC.GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables organizations to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.GuidePoint Security seeks an experienced CNAPP cloud security professional to join our DevSecOps Security practice in the Mid-Atlantic.Summary: As a CNAPP Security Engineer, you will be part of a growing team delivering CNAPP Cloud Security advisory, development, implementation and operations for customers across multiple verticals. You will work with customers to advise, develop, implement and run CNAPP Cloud Security tools and continuously learn about the latest cloud security technologies such as CNAPP, IaC, CSPM and CWPP.Role and ResponsibilitiesPerform implementation of CNAPP and CSPM tools in multi-account AWS and Azure environments.Implement IaC scanning tools within CI/CD pipelines.Develop Infrastructure as code in CloudFormation or Terraform.Develop custom control checks within CNAPP Platforms using JSON, REGO, or Terraform.Analysis – identify and evaluate potential threats and vulnerabilities to public cloud environments, networks, applications, infrastructure and systems.Issue Resolution – lead the resolution of identified issues in public cloud environments, including:Vulnerabilities – Cloud, System, and ApplicationCompliance – CIS, NIST, AWS and Azure best practicesCloud Entitlements – excessive permissions and IAM best practicesSecrets – unprotected secrets on VMs, containers, and IaC repositoriesIaC – misconfigurations and vulnerabilities in IaCDeep understanding of Kubernetes and microservices security best practices.Performs container registry scanning.Reviewing and creating metrics, KPIs and KRIs to track overall cloud security posture.Create, maintain and update runbooks for cloud configuration checks.Assess the overall security posture of cloud security infrastructure and workloads.Advise customers on cloud security best practices.Experience, Education, and Technical RequirementsAt least 3 years of experience in Cloud Security with AWS, Azure, or GCP.Experience with Cloud Security tools like Wiz.io, Orca, Lacework, Trivy, Aqua, Ermetic or Prisma Cloud.Experience with integrating tools into development pipelines such as Azure DevOps, Jenkins, etc.Understanding of a broad range of Cloud Security issues and mitigation strategies.Understanding of Cloud Security-related vulnerabilities.Experience developing code in Terraform, Python, PowerShell, Rego, and other languages.Written communication skills for client interactions; ability to articulate complex problems clearly.Strong time management with the ability to handle multiple projects independently.Bachelor’s degree in computer science or information security preferred.Cloud Security certifications are preferred.Why GuidePointGuidePoint Security is a rapidly growing, privately-held security-focused consulting and services firm serving top organizations.BenefitsRemote workforce (U.S. based); some travel may be required for certain positions; on-site may be required for Federal positionsMedical insurance optionsGroup Dental Insurance coverage12 corporate holidays and Flexible Time OffHealthy mobile phone and home internet allowanceEligibility for retirement plan after open enrollmentApplication and Equal OpportunityWe are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. We welcome applications from candidates in the Mid-Atlantic region as noted above. #J-18808-Ljbffr

Created: 2025-09-21