Job Description

Jefferies is seeking a Senior Cloud Security Engineer (Vice President) to join our Information Security team. This hands-on engineering role is responsible for researching, designing, implementing, and supporting cloud security solutions in a complex multi-cloud environment. You will work directly with engineering and application development teams to ensure secure cloud architectures, align on security requirements, and protect the company's assets. In this role you will build relationships across the organization and clearly communicate security strategies and architectures to both technical and non-technical audiences.



The ideal candidate is highly technical, adaptable to a fast-paced financial services environment, and self-motivated. You should be an excellent team player who can work with minimal supervision and effectively prioritize multiple projects. We value strong problem-solving abilities and the skill to articulate complex security issues clearly. You will be expected to drive cloud security initiatives to completion and consistently deliver effective, innovative solutions that enhance Jefferies' security posture.

Key Responsibilities & Tasks

Drive the cloud security strategy and hands-on implementation of security controls and policies across all cloud service models (IaaS, PaaS, SaaS, FaaS). Partner with Cloud Engineering to establish, manage, and operate within technical governance processes for cloud services, ensuring compliance with internal policies and industry standards. Conduct security architecture reviews for third-party vendors and in-house applications, identifying risks in designs and recommending improvements. Work closely with application developers, Cloud Engineering, and other infrastructure teams to design and implement security at every level of the cloud environment (network, platform, application). Define and develop reusable secure configurations and Infrastructure-as-Code templates (CloudFormation/Terraform) that enforce cloud security best practices ("shift-left" on security). Optimize the use of security tools and automation in the cloud. Deploy and manage cloud security solutions (e.g. container/Kubernetes runtime sensors, agentless scanning), and automate security controls and monitoring where possible. Identify emerging cloud threats and vulnerabilities, and partner with SecOps to drive the implementation of both preventive and reactive controls (alerts, incident response playbooks) to address them in our multi-cloud environment. Manage relationships with cloud security vendors and service providers to ensure we leverage the best capabilities cost-effectively.

Qualifications/ Experience

Deep knowledge of AWS and Azure core services and security features. Experience securing cloud infrastructure and SaaS applications in a highly regulated environment. Solid understanding of servers, networking, storage, databases, and how they integrate in cloud and hybrid environments. Proficiency in Infrastructure as Code (CloudFormation, Terraform) and ability to automate tasks using scripting (Python or PowerShell) and REST APIs. Hands-on experience with cloud security platforms or tools (cloud-native security services, CSPM, or CNAPP solutions). Strong understanding of application security principles and practices - knowledge of SAST/DAST tools and common web vulnerabilities (OWASP Top 10) and their remediation. Familiarity with security frameworks such as NIST CSF and the Cloud Security Alliance's Cloud Controls Matrix (CCM). Experience supporting developers and integrating security into the SDLC (CI/CD pipelines, code reviews, artifact scanning). Ability to identify and communicate security risks and solutions clearly to both senior management and technical teams. Proven ability to manage multiple initiatives simultaneously and adapt to changing business priorities. Effective working in cross-functional, global teams and coordinating across different time zones. Self-starter who can take initiative and also mentor others on best practices. Capable of leading incident response efforts and driving projects to completion. * Excellent analytical skills with the ability to assess complex problems and propose practical, effective security solutions that align with business objectives.