Cloud Security Engineer

Spacecraft represent the most pressing unmet need across the entire aerospace industry. As more launch vehicles come online and the cost to orbit decreases, more companies launching payloads to space continue to emerge.

For the first time in history, this influx of payload companies combined with reduced launch costs has resulted in a massive increase in need for commercial spacecraft platforms, known as satellite buses. These buses hold the payloads of our customers and are flown on launch vehicles.

Apex manufactures these satellite buses at scale using a combination of software, vertical integration, and hardware that is designed for manufacturing. Our spacecraft enable the future of society: ranging from earth observation to communications and more.

We’d love for you to join us on our mission of providing humankind access to the galaxy beyond our planet. 

About the Role

We are seeking a Cloud Security Engineer to design, implement, maintain, and optimize secure cloud environments supporting U.S. government, DoD, and intelligence community missions.

This role plays a critical part in protecting classified and sensitive data in AWS, Azure, and hybrid/multi-cloud infrastructures while ensuring full compliance with federal standards such as NIST 800-53, FedRAMP, RMF, and DoD Impact Levels (IL-4/IL-5).

The candidate must hold an active Secret clearance (TS/SCI preferred) and bring hands-on experience securing cloud platforms in regulated environments. This role will help the organization meet industry standards such as SOC2, ISO 27001, PCI-DSS, GDPR/CCPA, or other relevant compliance frameworks.

Responsibilities:

• Design and implement secure cloud architectures and configurations across AWS GovCloud, Azure, and/or Google Cloud, applying best practices for least privilege encryption, network segmentation, and data protection.

• Implement and maintain cloud security frameworks, ensuring ongoing compliance with NIST 800-53 Rev. 5, FedRAMP, DoD IL-2/4/5, RMF, and Secure Cloud Computing Architecture (SCCA) requirements.

• Configure and manage Identity and Access Management (IAM), Role-Based Access Control (RBAC), Just-In-Time (JIT) access, Key Vaults, and Zero Trust Architecture (ZTA) principles across cloud environments.

• Engineer, deploy, and optimize cloud-native security tools, including Microsoft Defender for Cloud, Azure Sentinel, AWS GovCloud security services, CSPM/CWPP solutions, and SIEM (Elastic) platforms for threat detection, monitoring, and response.

• Conduct vulnerability assessments, penetration testing simulations, security configuration reviews (against STIGs, CIS benchmarks, and NIST controls), and continuous
monitoring of cloud resources.

• Develop, maintain, and update System Security Plans (SSP), Security Assessment Reports (SAR), Plans of Action & Milestones (POA&M), and risk/compliance reporting for cloud-based operations.

• Identify, analyze, and respond to Indicators of Compromise (IoCs), threat intelligence, and security incidents within cloud environments; perform root-cause analysis and implement preventive controls.

• Perform periodic security reviews and audits of cloud environments (Azure, AWS, hybrid) to ensure sustained compliance, mitigate evolving threats, and update policies/procedures.

• Collaborate with DevSecOps, infrastructure, and development teams to integrate security into CI/CD pipelines, automate security controls, and support secure cloud migrations or
modernization initiatives.

• Assess current cloud architectures, propose security improvements, review designs through a security lens, and serve as a subject-matter expert on cloud security tools,
processes, and best practices.

• Coordinate with configuration management teams to ensure hardware/software changes adhere to security protocols, maintain version control, and support documentation of the cyber terrain.

• Develop, enforce, and maintain cloud security policies, standards, and automated guardrails to support secure CI/CD pipelines and infrastructure-as-code (IaC) practices (e.g., using Terraform, CloudFormation).

• Monitor cloud environments for security incidents, investigate alerts, perform root-cause analysis, and coordinate incident response activities.

• Identify emerging threats and recommend proactive improvements to cloud security posture, including automation of security controls and processes.

• Provide guidance and training to engineering teams on secure cloud design patterns and best practices.

• Ability to be on-site 5 days a week at our office Playa Vista.

Requirements:

• Security Clearance: Active U.S. Secret clearance required (TS/SCI)

• Must be a U.S. citizen.

• Education: Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or a related field (or 5+ years equivalent professional experience in cloud security engineering)

• Experience: 5–9+ years in cloud security engineering, with hands-on work in AWS GovCloud, Azure, Google GCP, or multi-cloud environments.

• Strong analytical, problem-solving, communication, and collaboration skills; ability to work in fast-paced, mission-critical environments.

Technical Skills:

• Deep knowledge of cloud platforms (AWS GovCloud, Azure Government, etc.), IAM/RBAC, encryption, network security, and cloud-native security services.

• Familiarity with SIEM, vulnerability scanners, threat intelligence, and automation tools (e.g., Terraform, Python scripting).

• Experience with compliance frameworks (NIST, FedRAMP, RMF) and tools like Azure Sentinel, NESSUS, BURP SUITE, Microsoft Defender, or AWS equivalents.

• Deep understanding of network security, encryption, logging/monitoring, and container/Kubernetes security.

• Experience with infrastructure-as-code, scripting (Python, PowerShell, etc.), and security automation tools.

• Additional Certifications:

• CISSP, AWS Certified Security-Specialty, AWS Certified Solutions Architect (Associate or Professional), Microsoft Certified: Security, Compliance & Identity, Security+, CEH, or CSSP related (e.g., CySA+, GCIH).

Why Join Apex?

Apex believes in creating a work environment that you look forward to embracing every day. Our employees love working at Apex, and we want you to love it too. We're a fast-growing startup backed by $200M in Series D funding, and we invest heavily in our people from day one.

What We Offer For Full-time Employees:

• Shared upside: Receive equity in Apex, letting you benefit from the work you create

• Best-in-class healthcare: 100% company-paid medical, dental, and vision for you and your dependents, plus $100k life insurance at no cost

• Comprehensive PTO package to reset and recharge - starting at 15 days vacation, growing to 20+ days annually, plus 10 paid holidays

• Competitive 401(k) plan with generous matching - 100% match on first 3%, 50% on next 2%

• 8 weeks paid parental leave plus childcare reimbursement up to $350/day for work-related travel

• Daily catered lunch and unlimited snacks to keep you fueled throughout the day

• Vibrant community: Monthly office BBQs, pickleball tournaments, run club, and social gatherings for you and your family

• Your dream desk setup and all the tools you need to be your most productive self

• World-class Playa Vista office with EV chargers, with the benefit of in-person collaboration with amazing coworkers and flexibility to integrate work and life

• Real impact opportunity: Work alongside experts from aerospace, new space, and other cutting-edge industries to make a lasting difference

Ready to join a team where your contributions matter and your future is bright? Let's build something extraordinary together.

Equal Opportunity Employer

Apex Technology, Inc. is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Candidates and employees are always evaluated based on merit, qualifications, and performance. We will never discriminate on the basis of race, color, gender, national origin, ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability, or any other legally protected status.