Engineering Manager, Cloud Security

• Lead, coach, and develop a team of cloud security engineers, including setting clear goals, providing ongoing feedback, and running performance reviews. • Own the security posture of our AWS and Kubernetes platforms, including multi-account AWS Organizations (SCPs, IAM, VPCs) and multi-cluster Kubernetes environments. • Drive the design and implementation of Zero Trust architectures, including identity-based perimeters, mTLS, network segmentation, and least-privilege access controls. • Partner with Platform, SRE, and Product Engineering teams to embed security into infrastructure roadmaps, CI/CD pipelines, and service architectures. • Establish and scale infrastructure as code and policy as code practices (e.g., Terraform/CDK, OPA/Kyverno) to build automated guardrails and reduce manual configuration. • Act as Incident Commander for high-severity security incidents and vulnerabilities (e.g., Log4j-style events), coordinating technical response, stakeholder communication, and post-incident reviews. • Own the security engineering roadmap for cloud and container security, balancing short-term risk reduction with long-term strategic investments. • Collaborate with Compliance, Risk, and Legal to maintain and improve our security posture relative to frameworks like SOC2 and ISO, and to support customer and regulator inquiries. • Partner with leadership on headcount planning, hiring, and organizational design to ensure the Cloud Security team scales with the business. • Champion a culture of security across Paxos through education, documentation, and close collaboration, helping teams ship secure systems quickly and confidently. • 8+ years of engineering experience (software, infrastructure, or security), including time as an individual contributor security engineer working on cloud or application security. • At least 2–3 years of experience as an engineering manager, leading and developing security or infrastructure teams. • Proven experience securing production AWS environments at scale, including AWS Organizations, IAM, SCPs, VPC design, Transit Gateways, WAFs, and logging/monitoring. • Hands-on experience securing multi-cluster Kubernetes environments (e.g., network policies, admission controllers, service mesh, secrets management, runtime hardening). • Strong fluency with Infrastructure as Code (Terraform or CDK); you view infrastructure as software and are comfortable driving code reviews, testing, and automation for infra changes. • Deep understanding of security architecture concepts, including Zero Trust, mTLS, identity-based perimeters, least privilege, and cloud hardening best practices. • Demonstrated experience leading incident response as an Incident Commander for major vulnerabilities or breaches, including coordinating cross-functional teams under pressure. • Proficiency in headcount planning, performance reviews, and mentorship, with a clear and thoughtful leadership philosophy you can articulate with examples. • Excellent communication skills, with the ability to explain complex security risks and trade-offs to both deeply technical engineers and non-technical stakeholders. • Important Notice for Paxos Applicants • We’ve become aware of fraudulent accounts posting as Paxos recruiters on LinkedIn and other platforms. These scammers attempt to deceive applicants into paying for job opportunities or providing personal financial information. • To verify a legitimate Paxos recruiter: • We only use @paxos.com email addresses • We never ask for payment or financial details to apply, interview, or work here • For technical roles, we do not perform a coding interview without prior screening by our engineering team • Thanks for your interest in Paxos!