Senior AWS Security Engineer

Job Details

Job ID: 12548

New ideas are all around us, but only a few will change the world. That’s our focus at JPL. We ask the biggest questions, then search the universe for answers—literally. We build upon ideas that have guided generations, then share our discoveries to inspire generations to come. Your mission—your opportunity—is to seek out the answers that bring us one step closer. If you’re driven to discover, create, and inspire something that lasts a lifetime and beyond, you’re ready for JPL.


Located in Pasadena, California, JPL has a campus-like environment situated on 177 acres in the foothills of the San Gabriel Mountains and offers a work environment unlike any other: we inspire passion, foster innovation, build collaboration, and reward excellence.



Are you passionate about cloud technologies? Do you want to work in cloud technologies for the security of JPL’s global network? If you answered yes, then we have the right opportunity for you!  At NASA’s Jet Propulsion Laboratory, we depend on innovation and technical excellence to develop IT systems and services that provide the edge we need to explore the universe.

We are looking for a Cloud Security Engineer team member who shares our passion for cloud technologies to join our workforce.  As a Cloud Security Engineer in the Cybersecurity/Identity Technologies & Operations Group (173F), you will provide technical expertise for securing and governing various Cloud environments used at JPL including Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure.

  • Write cloud security requirements and guidelines, documenting processes and procedures ranging from access control of users and resources to risk mitigation.
  • Create and monitor security alerts, and assisting the Security Operations Center (SOC) team with investigations in the cloud. 
  • Serves as the primary security interfaces with development teams, architects, engineers, and operational teams involved in Cloud-related projects. 
  • Partner with Engineering and Operations teams to create, implement, and apply DevSecOps principles and processes that are consumed by developers across the Lab.
  • Devise end-to-end security assurance activities including Vulnerability Assessments (pre-production, post-production), Red Team end-to-end exercises and Purple Team exercises (Red and Blue team collaboration) in order to identify areas of risk and ensure any gaps are documented and remediated.
  • Supplement Cloud monitoring tool(s) by adding new capabilities, security checks, and automation using the tools extension capabilities and/or the SDK/API.
  • Provide threat modeling and risk assessment services to characterize the risk and severity posture of various systems and components in the Cloud environment.
  • Run Cloud Continuous Monitoring reporting/metrics governing all security compliance/hygiene issues across the entire Cloud ecosystem.
  • Support the implementation of Infrastructure as Code (IaC) security checks as part of the end to end Cloud Service enablement work stream.
  • Develop and Deploy security guardrails through reusable patterns using standardized development frameworks.
  • Collect security-related operational metrics through automation and increase security visibility across the organization; measure the coverage and effectiveness of security tools; transparency over the security state of the Cloud.


  • Typically requires a Bachelor’s degree with a minimum of 9 years of related experience; Master’s degree with a minimum of 7 years of related experience; or PhD with a minimum of 5 years related experience.
  • In depth understanding of AWS services and implementation of security control.
  • Diverse knowledge and direct working experience with the following technologies: Splunk, Syslog, Artificial Intelligence Capabilities and data storage.
  • Experience with at least one standard programming language: Python, C, C++, Java, PHP, Shell Scripting.
  • Extensive knowledge of security best practices, ability to read and write Python code, familiarity with native cloud security services, detailed oriented, and strong communication skills.
  • Board experience and knowledge in the following areas: Cybersecurity Operations, Identity Management Systems, Network and Systems Architecture, UNIX and Windows systems administration.
  • In depth understanding and wide application of advanced principles, theories, concepts and techniques in securing networked computer systems. 
  • Excellent written and verbal communication skills, capable of effectively capturing and communicating technical information at all levels.

Additional Desired Skills:   

  • Demonstrated experience working individually or within cross-functional teams supporting programs with lab-wide impact.
  • Demonstrated success in understanding internal business processes in a high-tech environment such as project management and designing system enhancements with positive productivity improvements by enhancing functionality of user requirements.
  • AWS, Microsoft, or other cloud security related training and certifications.

Work Authorization


Connect with Us

Not ready to apply? Connect with us for general consideration.

JPL is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, citizenship, ancestry, age, marital status, physical or mental disability, medical condition, genetic information, pregnancy or perceived pregnancy, gender, gender identity, gender expression, sexual orientation, protected military or veteran status or any other characteristic or condition protected by Federal, state or local law.

In addition, JPL is a VEVRAA Federal Contractor.

EEO is the Law
EEO is the Law Supplement
Pay Transparency Nondiscrimination Provision

The Jet Propulsion Laboratory is a federal facility. Due to rules imposed by NASA, JPL will not accept applications from citizens of designated countries or those born in a designated country unless they are Legal Permanent Residents of the U.S or have other protected status under 8 U.S.C. 1324b(a)(3). The Designated Countries List is available here.