Role: Cloud Security Engineering Services
6 month engagement
Remote
H1B visa holders allowed
6-month staff augmentation engagement to serve as a stop-gap while we continue the recruiting process to fill the Sr. Cloud Security Engineer role.
Responses are needed by 5 p.m. on 26 Mar so the customer can review and make a decision before going on PTO on 28 Mar.
Cloud Security Engineering Services
CNAPP Engineering Services
[VENDOR]'s CNAPP Engineering Services provide specialized expertise to operationalize and optimize cloud-native application protection platforms, enabling organizations to achieve comprehensive visibility, prioritization, and remediation of cloud security risks across multi-cloud environments. This service focuses on transforming CNAPP deployments from basic implementations into mature, integrated security operations that deliver actionable intelligence, streamlined vulnerability management workflows, and measurable risk reduction. The engagement emphasizes advancing platform maturity through strategic configuration, custom integrations, operational process development, and automated remediation capabilities that align with organizational security objectives and compliance requirements. By leveraging deep technical expertise in cloud security engineering and CNAPP administration, this service enables clients to maximize their security platform investment while establishing sustainable practices for continuous cloud risk management, stakeholder engagement, and executive visibility.
The service includes:
Platform Connectivity & Coverage Validation - Validate and optimize Wiz connector health across all cloud environments, ensuring comprehensive discovery and scanning of compute, container, serverless, and identity resources while identifying and addressing coverage gaps.
Organizational Structure & Access Control Implementation - Design and configure project hierarchies aligned to business ownership models and implement role-based access controls that enforce least-privilege principles and appropriate visibility boundaries across organizational units.
Risk Prioritization & Critical Vulnerability Burn-Down - Establish risk prioritization frameworks based on exposure, privilege, severity, and attack-path context while driving sustained reduction of critical findings across highest-priority production assets.
Vulnerability Management Operationalization - Validate and operationalize comprehensive vulnerability scanning across VMs, container images, and CI/CD pipelines while establishing prioritization and remediation approaches for exploitable and end-of-life vulnerabilities.
Workflow Automation & ITSM Integration - Implement bidirectional integrations with ticketing systems and configure automation for ticket creation, updates, and closure based on remediation state to support seamless end-to-end vulnerability management workflows.
Cloud Configuration Governance & Auto-Remediation - Review, tune, and optimize cloud configuration rules while enabling automated remediation workflows including one-click fixes and auto-remediation capabilities where appropriate.
Identity & Access Risk Management through Cloud Infrastructure Entitlements Management (CIEM) - Integrate identity providers to surface entitlement risks, analyze excessive permissions and risky identities, and provide least-privilege remediation recommendations across cloud environments.
Executive & Operational Dashboarding - Operationalize native Wiz dashboards and develop custom executive and operational reporting capabilities with monitored metrics, trend indicators, and recurring reports tailored to organizational needs.
Scope of Service(s)
CNAPP Engineering Services
Scoping Details
Cloud Service Provider
Amazon Web Services, Microsoft Azure
CNAPP Platform
Wiz
Number of Engineers
1
Delivery Time
Business Hours
Location
Remote
Platform Connectivity, Coverage & Baseline Health
• Validate full Wiz connector health and coverage across all in-scope cloud environments.
• Confirm all relevant resource types (compute, container, serverless, identity) are discovered and scanned.
Project Structure, RBAC & Ownership Alignment
• Design Wiz project structure aligned to organizational, application, and environment ownership.
• Configure RBAC to enforce least-privilege access and appropriate visibility boundaries.
Risk Prioritization & "Zero Critical" Burn-Down
• Establish risk prioritization based on exposure, privilege, severity, and attack-path context.
• Drive sustained reduction of critical risk across highest-priority projects and production assets.
Vulnerability Management Operationalization
• Prioritized critical risk backlog
• Defined critical-risk burn-down approach and ownership model
• Measurable reduction in critical findings over the engagement period
Automation, Ticketing & Workflow Integration
• Implement bidirectional integration with ITSM tooling (e.g., ServiceNow or Jira).
• Configure automation for ticket creation, updates, and closure based on remediation state.
Cloud Configuration Rules & Auto-Remediation
• Review and tune cloud configuration rules and severities.
• Enable remediation workflows (e.g., one-click fix or auto-remediation) where appropriate.
Identity & Access Risk (CIEM)
• Integrate identity providers to surface entitlement and identity risk.
• Analyze excessive permissions, risky identities, and non-human identities.
Native Wiz Dashboarding & Reporting (Executive + Operational)
• Operationalize Wiz out-of-the-box dashboards for remediation and risk tracking.
• Build native custom dashboards for executive (CISO/board-level) and operational audiences.
• Enable monitored metrics and native recurring reporting within Wiz.
Cloud Security Engineering Services Scoping Assumptions
The following comprise the scoping assumptions and expectations for this service. Any variations may result in a Change Order and additional charges.
Client may request, with a minimum of two (2) weeks' advance written notice, a temporary pause of up to two (2) weeks on consultant services without risk of losing the assigned consultant resource, provided the pause is mutually agreed upon by both parties.
If Client continuously delays in providing necessary system access, responses, or approvals essential for the consultant to effectively perform the agreed-upon services, [VENDOR] reserves the right, following written notice detailing the delays and providing a reasonable cure period, to remove the assigned consultant and reallocate resources accordingly.
Deliverables
Platform Connectivity, Coverage & Baseline Health
Connector Health and Coverage Validation Report - Comprehensive assessment documenting the operational status, configuration accuracy, and performance metrics of all Wiz connectors across Azure and AWS environments, including validation of discovery capabilities for compute, container, serverless, and identity resources.
Cloud Asset Inventory with Identified Coverage Gaps - Detailed inventory of all cloud resources under management with comprehensive gap analysis identifying unscanned assets, configuration drift, and areas requiring enhanced monitoring or connector optimization.
Baseline Platform Health Summary and Remediation Actions - Executive summary of overall platform health status including performance benchmarks, identified issues, and prioritized remediation recommendations with implementation timelines where corrective actions are required.
Project Structure, RBAC & Ownership Alignment
Documented Project Hierarchy Mapped to Business/Application Owners - Structured documentation defining the organizational project taxonomy within Wiz, including clear mappings between cloud resources, business units, application portfolios, and designated ownership responsibilities.
RBAC Access Matrix and Role Definitions - Comprehensive role-based access control framework documenting user permissions, group memberships, and access boundaries with detailed role definitions that enforce least-privilege principles across organizational units.
Validation that Access Boundaries Align to Ownership Model - Verification documentation confirming that implemented access controls properly reflect organizational ownership structures and business requirements while maintaining appropriate security boundaries.
Risk Prioritization & "Zero Critical" Burn-Down
Prioritized Critical Risk Backlog - Structured inventory of critical security findings ranked by risk score, business impact, and remediation complexity, incorporating exposure context, privilege escalation potential, and attack path analysis.
Defined Critical-Risk Burn-Down Approach and Ownership Model - Operational framework establishing methodology for systematic critical finding reduction, including stakeholder responsibilities, escalation procedures, and success metrics aligned to organizational risk tolerance.
Measurable Reduction in Critical Findings Over Engagement Period - Quantitative reporting demonstrating sustained improvement in critical risk posture with trend analysis, milestone achievements, and recommendations for continued risk reduction activities.
Vulnerability Management Operationalization
Confirmed Vulnerability Coverage and Configuration Validation - Technical validation documenting comprehensive vulnerability scanning capabilities across virtual machines, container images, and CI/CD pipeline integrations with configuration optimization recommendations.
Vulnerability Prioritization and Remediation Guidance - Structured approach for vulnerability risk assessment incorporating exploitability analysis, end-of-life software identification, and business impact considerations with actionable remediation recommendations.
Operational Vulnerability Reporting Artifacts - Standardized reporting templates and dashboards providing ongoing visibility into vulnerability trends, remediation progress, and key performance indicators for operational teams.
Automation, Ticketing & Workflow Integration
Functional ITSM Integration with Validated Data Flow - Implemented bidirectional integration between Wiz and organizational ticketing systems with comprehensive testing documentation validating data accuracy, field mapping, and workflow synchronization.
Automation Rules Documented and Enabled - Configured automation framework for ticket lifecycle management including creation triggers, status updates, and closure conditions with detailed rule documentation and operational procedures.
End-to-End Remediation Workflow Documentation - Process documentation defining complete vulnerability remediation workflows from discovery through resolution, including stakeholder handoffs, escalation procedures, and success validation criteria.
Cloud Configuration Rules & Auto-Remediation
Tuned Cloud Configuration Rule Set - Optimized collection of cloud security configuration policies customized for organizational requirements with severity classifications, detection logic, and exception handling procedures.
Enabled Remediation Workflows with Validation - Implemented automated remediation capabilities including one-click fixes and auto-remediation workflows with comprehensive testing documentation and rollback procedures where appropriate.
Configuration Governance Decisions Documented - Decision matrix documenting approved configuration standards, remediation approaches, and governance policies with rationale for organizational adoption and ongoing maintenance.
Identity & Access Risk (CIEM)
Identity and Entitlement Risk Findings Summary - Comprehensive analysis of identity-related security risks including excessive permissions, dormant accounts, and privileged access violations across cloud environments with prioritized remediation recommendations.
Least-Privilege Remediation Recommendations - Detailed guidance for implementing least-privilege access controls including role optimization, permission reduction strategies, and access review procedures aligned to organizational security policies.
Validation of CIEM Visibility and Coverage - Technical assessment confirming comprehensive identity provider integration and entitlement discovery capabilities with gap analysis and enhancement recommendations for ongoing identity risk management.
Native Wiz Dashboarding & Reporting (Executive + Operational)
Standardized Set of Adopted OOTB Wiz Dashboards - Configured collection of out-of-the-box Wiz dashboards optimized for organizational use cases with customized views, filters, and access controls aligned to operational requirements.
Native Executive and Operational Dashboards Tailored to Client Needs - Custom-developed dashboards providing executive-level risk visibility and operational metrics designed specifically for organizational reporting requirements and stakeholder audiences.
Enabled Monitored Metrics with Agreed Trend Indicators - Configured key performance indicators and trend analysis capabilities within Wiz providing ongoing visibility into security posture improvements and operational effectiveness metrics.
Configured Native Recurring Reports - Automated reporting capabilities delivering scheduled executive summaries, operational updates, and compliance reports with customizable frequency and distribution lists to support ongoing organizational communication requirements.
Service(s) Output
Cloud Security Engineering Services
CNAPP Engineering Services - Ongoing technical expertise and hands-on engineering support encompassing platform connectivity validation, organizational structure alignment, risk prioritization and burn-down activities, vulnerability management operationalization, workflow automation implementation, configuration governance, identity risk management, and dashboard development across the Wiz.io platform in Azure and AWS environments.
Platform Configuration and Integration Implementation - Technical implementation including validated connector configurations, project hierarchies with RBAC matrices, tuned security policies and detection rules, ITSM integrations with automated workflows, enabled remediation capabilities, CIEM integrations, and custom executive and operational dashboards developed throughout the engagement.
Operational Documentation and Knowledge Transfer Materials - Comprehensive documentation developed during the engagement including connector health and coverage validation reports, cloud asset inventories with gap analysis, project ownership mappings, critical risk backlogs with burn-down approaches, vulnerability prioritization guidance, workflow documentation, configuration governance decisions, identity risk findings summaries, and standardized reporting templates that support ongoing platform operations and organizational decision-making.