Back to all jobs
- Seniority
- Staff
About the role
<p><span class="TextRun SCXW174644119 BCX0" lang="EN-US" data-contrast="auto"><span class="NormalTextRun SCXW174644119 BCX0">The Nuclear Company is the fastest growing startup in the nuclear and energy space creating a never before seen fleet-scale approach to building nuclear reactors. Through its design-once, build-many approach and coalition building across communities, regulators, and financial stakeholders, The Nuclear Company is committed to delivering safe and reliable electricity at the lowest cost, while catalyzing the nuclear industry toward rapid development in America and globally.</span></span></p>
<p><strong><span class="TextRun SCXW174644119 BCX0" lang="EN-US" data-contrast="auto"><span class="NormalTextRun SCXW174644119 BCX0">About the role</span></span></strong></p>
<p><span data-contrast="auto">The Nuclear Company is searching for a </span><strong><span data-contrast="auto">Cloud Security Engineer</span></strong><span data-contrast="auto"> to help secure the AWS cloud infrastructure, network architecture, identity systems, and deployment platforms that power our Nuclear Operating System, internal engineering platforms, data environments, and mission-critical business systems.</span><span data-ccp-props="{}"> </span></p>
<p><span data-contrast="auto">This is a high-ownership role for a hands-on security builder who is equally comfortable designing AWS account architecture, reviewing Terraform, hardening VPC and transit-network patterns, building IAM guardrails, debugging cloud logs, and partnering directly with engineers to ship secure infrastructure quickly.</span><span data-ccp-props="{}"> </span></p>
<p><span data-contrast="auto">You will work across cybersecurity, infrastructure, product engineering, platform engineering, data science, and operations to embed security into the way we design, deploy, monitor, and operate AWS-based systems. You will help define secure cloud architecture, implement security controls as code, build scalable guardrails, and support the security expectations of a regulated, high-consequence infrastructure company.</span><span data-ccp-props="{}"> </span></p>
<p><span data-contrast="auto">This role reports into </span><span data-contrast="none">Senior Manager for Application and Product Security.</span></p>
<p><strong><span class="EOP SCXW174644119 BCX0" data-ccp-props="{"134245417":false,"201341983":0,"335559740":240}">Responsibilities</span></strong></p>
<p><strong>AWS Security Architecture </strong></p>
<ul>
<li>Own and improve the security architecture for AWS environments that support The Nuclear Company’s engineering, product, data, and business systems. </li>
<li>Design and implement secure multi-account AWS patterns using AWS Organizations, service control policies, identity federation, account baselines, network segmentation, and centralized logging. </li>
<li>Establish cloud-security standards for IAM, encryption, secrets management, logging, backup, data protection, workload isolation, and incident response. </li>
<li>Partner with software developers and platform engineers to review and harden cloud-native services, including compute, storage, networking, databases, serverless workloads, containers, and managed AWS services.<strong> </strong></li>
<li>Translate business, engineering, and regulatory requirements into practical AWS security controls that can scale with the company. </li>
</ul>
<p><strong>Identity, Access & Permissions</strong> </p>
<ul>
<li>Build and maintain least-privilege access models for human users, workloads, service accounts, CI/CD systems, and third-party integrations.</li>
<li>Harden AWS IAM, IAM Identity Center, role assumption patterns, permission boundaries, resource policies, and cross-account access.</li>
<li>Reduce long-lived credentials, standing privileges, orphaned access, and excessive permissions across AWS environments. </li>
</ul>
<p><strong>Cloud Networking & Infrastructure Protection </strong></p>
<ul>
<li>Design and review secure AWS network architectures, including VPCs, subnets, routing, security groups, NACLs, transit gateways, private connectivity, VPNs, Direct Connect, PrivateLink, VPC endpoints, egress controls, and network inspection patterns. </li>
<li>Implement and improve protections for internet-facing and internal services, including WAF, DDoS protection, load balancers, API gateways, DNS, TLS, and edge controls. </li>
<li>Partner with infrastructure teams to define secure network segmentation between development, staging, production, corporate, partner, and sensitive data environments. </li>
</ul>
<p><strong>Infrastructure-as-Code, Automation & DevSecOps </strong></p>
<ul>
<li>Build security controls as code using Terraform, CDK, CloudFormation, policy-as-code, CI/CD checks, and automated remediation. </li>
<li>Review infrastructure-as-code changes for security risks before they reach production. </li>
<li>Establish paved roads for engineers through secure Terraform modules, reusable cloud patterns, baseline account templates, and documented deployment standards. </li>
</ul>
<p><strong>Detection, Logging & Incident Readiness </strong></p>
<ul>
<li>Build and improve cloud detection and response capabilities using AWS-native and third-party tooling, including CloudTrail, GuardDuty, Security Hub, Config, VPC Flow Logs, CloudWatch, IAM Access Analyzer, and SIEM integrations. </li>
<li>Ensure high-value cloud events, identity events, network activity, data-access events, and administrative actions are logged, retained, monitored, and actionable. </li>
<li>Develop cloud incident-response playbooks for credential exposure, unauthorized access, public data exposure, network compromise, suspicious workload behavior, and deployment-system compromise. </li>
<li>Support tabletop exercises, incident simulations, and post-incident reviews. </li>
</ul>
<p><strong>Governance, Risk & Critical Infrastructure Security </strong></p>
<ul>
<li>Help build a cloud-security program that supports the security and compliance expectations of a nuclear energy company operating in regulated and high-consequence environments. </li>
<li>Drive cloud vulnerability, misconfiguration, and exception management through risk based remediation and continuous control improvement. </li>
<li>Support alignment with relevant cybersecurity frameworks and standards, including NIST CSF, NIST 800-53, SOC 2, NERC CIP, IEC 62443, CIS Benchmarks, AWS Well-Architected, and internal security policies. </li>
</ul>
<p><strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Experience</span></strong></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">4+ years of experience in cloud security, infrastructure security, network security, security engineering, or cloud architecture. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">3+ years of hands-on experience securing production AWS environments. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Deep understanding of AWS security services and patterns, including IAM, AWS Organizations, SCPs, CloudTrail, GuardDuty, Security Hub, Config, KMS, Secrets Manager, VPC security, S3 security, logging, encryption, and incident response. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Strong AWS networking experience, including VPC design, routing, subnetting, security groups, NACLs, transit gateways, VPC endpoints, VPNs, Direct Connect, DNS, TLS, load balancers, WAF, and network segmentation. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience building or reviewing infrastructure-as-code using Terraform, CDK, CloudFormation, or similar tooling. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Ability to automate security work using Python, Go, TypeScript, Bash, or equivalent scripting/programming experience. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience designing cloud logging, monitoring, detection, and response workflows. </span><span data-ccp-props="{"335559739":0}"> </span></li>
</ul>
<p><strong><span data-contrast="none"><span data-ccp-parastyle="heading 2">Preferred Experience</span></span><span data-ccp-props="{"134245418":true,"134245529":true,"335559738":160,"335559739":80}"> </span></strong></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience as a cloud security architect, infrastructure security engineer, network security engineer, platform security engineer, or senior cloud engineer with a strong security focus. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Active </span><span data-contrast="auto">AWS Certified Security – Specialty</span><span data-contrast="auto"> and </span><span data-contrast="auto">AWS Certified Advanced Networking – Specialty</span><span data-contrast="auto"> certifications. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">AWS Solutions Architect – Professional, AWS DevOps Engineer – Professional, CCSP, CISSP, GIAC Cloud Security Automation, GIAC Cloud Security Essentials, or similar credentials. </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience securing cloud environments in regulated, industrial, energy, national security, aerospace, financial services, healthcare, or other mission-critical environments. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience with AWS Control Tower, AWS Landing Zone Accelerator, IAM Access Analyzer, Verified Permissions, AWS Network Firewall, AWS Firewall Manager, AWS Shield, AWS WAF, Macie, Detective, Inspector, or similar tooling. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Experience with policy-as-code tools such as OPA, Sentinel, Checkov, tfsec, Terrascan, CloudFormation Guard, or similar. </span><span data-ccp-props="{"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Genuine interest in nuclear energy, critical infrastructure, hard-tech, and applying cloud security to physical systems. </span><span data-ccp-props="{"335559739":0}"> </span></li>
</ul>
<p><strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Benefits</span></strong></p>
<ul>
<li><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Competitive compensation packages</span></li>
<li><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">401k with company match</span></li>
<li><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Medical, dental, vision plans</span></li>
<li><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Generous vacation policy, plus holidays</span></li>
</ul>
<p><strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">Estimated Starting Salary Range<br></span></strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">The estimated starting salary range for this role is $150,000 - $173,000 annually less applicable withholdings and deductions, paid on a bi-weekly basis. The actual salary offered may vary based on relevant factors as determined in the Company’s discretion, which may include experience, qualifications, tenure, skill set, availability of qualified candidates, geographic location, certifications held, and other criteria deemed pertinent to the particular role. </span></p>
<p><strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">EEO Statement<br></span></strong><span data-ccp-props="{"134233117":false,"134233118":false,"134245417":false,"201341983":0,"335559738":0,"335559739":0,"335559740":240}">The Nuclear Company is an equal opportunity employer committed to fostering an environment of inclusion in the workplace. We provide equal employment opportunities to all qualified applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other protected characteristic. We prohibit discrimination in all aspects of employment, including hiring, promotion, demotion, transfer, compensation, and termination.</span></p>
<div><strong>Export Control</strong><br>Certain positions at The Nuclear Company may involve access to information and technology subject to export controls under U.S. law. Compliance with these export controls may result in The Nuclear Company limiting its consideration of certain applicants.</div>
<div> </div>
<div><strong>Recruiting Fraud Alert</strong><br>Your safety is our priority. We want to ensure your job search stays secure. Please note that the team at The Nuclear Company only communicates through official <strong>@thenuclearcompany.com</strong> email addresses. We will never ask for payments or sensitive financial information at any stage of our recruitment process. For your peace of mind, please verify all openings and submit your applications directly through <a href="https://www.thenuclearcompany.com/careers"><strong>our official careers page</strong></a>.</div>
Perks & benefits
- 401k
- Vision Insurance
- Pension Matching
731,000+ hidden jobs like this
The Nuclear Company and thousands of companies post here first — often days before LinkedIn or Indeed. Your first 5 applications are free; go Pro to apply without limits.
Everything Pro unlocks:
- Unlimited applications — free stops at 5
- Track every application in one place
- Apply straight to the source, one click
- Save & organize roles you love
- Roles pulled from company boards before the big sites
