Senior Engineer, Cloud Security

PayCargo LLC

Miami, FL


About PayCargo:

Millions of shipments with goods and materials move around the world daily, by land, sea, or air. PayCargo is the world's leading online payment solution that is revolutionizing the shipping and cargo world. With a fast and efficient way to reduce costs associated with payment processing, we help improve the speed and profitability of our customers' businesses.

PayCargo's platform connects payers and vendors across the cargo and logistics ecosystem, supporting payments, remittance data, integrations, vendor release workflows, and customer-facing digital experiences.

About the Role:

The Senior Engineer, Cloud Security is responsible for strengthening and operating PayCargo's security controls across a modernizing platform that spans legacy systems, a multi-account AWS environment, Microsoft Entra ID, GitHub/ZenHub workflows, GitHub Actions pipelines, and a growing set of secure AI platform requirements. This is a senior, hands-on engineering role — not an entry-level or SOC-analyst position — focused on implementing and operating security controls, not only monitoring them.

This is a hands-on individual contributor role on PayCargo's DevSecOps team. The Senior Engineer, Cloud Security continuously monitors the perimeter, hardens cloud and endpoint controls, runs access reviews, supports audits, and leads incident response, turning security obligations into repeatable operational controls rather than one-time checklist items. The role requires strong judgment, strong follow-through, and the ability to reduce reactive fire drills while raising overall control maturity.

The Senior Engineer, Cloud Security partners closely with DevOps, Engineering, Architecture, Product, Compliance, Support, and executive stakeholders to keep PayCargo's global payments platform secure, available, and audit-ready.

This position has no direct reports. The role leads indirectly by setting and enforcing security standards, guiding engineers and DevOps toward secure patterns, and reducing single points of failure across the security function.

As the Senior Engineer, Cloud Security, you will:

Security Operations & Monitoring

  • Monitor the perimeter, cloud, and endpoint environments for threats, misconfigurations, and anomalous activity across AWS and Microsoft Entra ID
  • Operate and tune security tooling, including CrowdStrike, Microsoft Defender, and CloudWatch and SNS logging and alerting
  • Triage security alerts, drive incident response, and lead root cause analysis with clear, durable follow-up
  • Maintain and improve on-call and escalation workflows (e.g., PagerDuty) so security events are handled consistently

Identity, Access & Control Maturity

  • Run periodic access reviews and enforce least privilege across AWS IAM and IAM Identity Center, Microsoft Entra ID, and SaaS platforms
  • Strengthen RBAC/ABAC, MFA, SSO, SAML2, and OAuth2/OIDC patterns across internal and customer-facing systems
  • Reduce standing access and broad repository or local admin privileges in favor of bounded, auditable access
  • Operate the federated access model, including SAML-based assumed access to AWS (via CommonFate Granted) and GitHub OIDC for pipelines, so people and CI receive least-privilege, time-bound access without static credentials
  • Operate the PKI, including AWS Private CA and ACM, certificate issuance and rotation, CRLs, and mTLS trust stores on load balancers
  • Administer Entra ID groups and the Tailscale ACLs that gate network access
  • Govern dependency and supply-chain risk using Dependabot and approved-package practices, and keep secrets in AWS Secrets Manager and SSM Parameter Store

Compliance & Audit Evidence

  • Support SOC 1 Type 2, SOC 2, and PCI DSS obligations by owning the implementation of controls and the evidence behind them
  • Coordinate penetration testing, remediation tracking, and verification of fixes
  • Produce clean, repeatable audit evidence and reduce last-minute audit scrambles
  • Translate compliance requirements into operational controls engineers can follow without constant guidance

Secure AI Platform Support

  • Help enforce containment for AI and model usage, including stateless model access, whitelisted egress, and approved destinations
  • Support tokenization and PII-protection patterns so sensitive data is not exposed to model providers
  • Review AI-assisted workflows and applications for security boundaries, logging, and blast-radius reduction

Cross-Functional Partnership

  • Partner with DevOps and Engineering to embed security into the Terraform and GitHub Actions pipelines, environments, and deployment paths
  • Work with Compliance on audits and frameworks (SOC, PCI, ISO 27001) and on auditor-facing reporting
  • Advise Product and Architecture on secure-by-design patterns and practical trade-offs
  • Implement and operate the security controls, boundaries, and egress rules defined in the platform architecture owned by the Director of Cloud & AI Platform Architecture
  • Provide clear status, escalate risks early, and document controls, runbooks, and decisions

Required Qualifications:

  • 5+ years of hands-on security engineering, cloud security, or security operations experience preferred
  • Strong working knowledge of AWS security and identity services, plus an enterprise identity provider such as Microsoft Entra ID or Okta
  • Hands-on experience with endpoint and threat tooling such as CrowdStrike and Microsoft Defender
  • Practical experience with SOC and/or PCI DSS controls, audits, and evidence
  • Strong understanding of IAM, RBAC/ABAC, MFA, SSO, SAML2, OAuth2/OIDC, and JWT, including their common failure modes, and of least-privilege design
  • Hands-on experience with PKI and certificates, including a certificate authority such as AWS Private CA, TLS and mTLS, and certificate issuance, rotation, and revocation
  • Experience with incident response, logging and alerting, and root cause analysis
  • Ability to convert security and compliance requirements into repeatable operational controls
  • Strong communication and documentation skills, and the ability to influence without direct authority

Experience and Education:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related field, or equivalent practical experience
  • 5+ years of hands-on security engineering, cloud security, or security operations experience preferred
  • Demonstrated experience operating production security controls in cloud environments
  • Experience supporting SOC, PCI, or comparable audits and frameworks
  • Payments, fintech, SaaS, or logistics experience is a plus

Preferred Qualifications:

  • Security certifications such as CISSP, CISM, CCSP, or equivalent
  • Experience coordinating penetration testing and managing remediation
  • Familiarity with secure AI/LLM patterns, data tokenization, and egress control
  • Experience securing CI/CD pipelines (GitHub Actions), GitHub/ZenHub, and Terraform-based infrastructure-as-code
  • Experience with zero-trust network access such as Tailscale or Zscaler, and SSO brokers such as CommonFate Granted
  • Experience in payments, fintech, SaaS, or other regulated, high-volume environments
  • Familiarity with ISO 27001 and SaaS security posture management

You Will Likely Succeed If You:

  • Have a winning attitude
  • Are naturally curious with an always-learning mentality
  • Treat security as an enabler, not only a gatekeeper
  • Love to solve difficult problems
  • Are assertive, confident, but also humble
  • Speak with clarity and listen with intention
  • Are disciplined with your processes, documentation, and follow-up
  • Can own a problem end to end without constant direction
  • Take ownership of both the security outcome and the business result

What Success Looks Like:

  • Security controls are operational, monitored, and repeatable rather than reactive
  • Access is least-privilege, reviewed, and auditable across cloud and SaaS
  • Audits and penetration tests are supported with clean evidence and timely remediation
  • Incidents are handled with clear response, root cause analysis, and durable fixes
  • AI and platform initiatives ship with security boundaries built in from the start
  • The Senior Engineer, Cloud Security becomes a trusted owner of one or more critical security domains within 90 to 180 days

What We Offer:

Our compensation package includes a competitive salary and bonus plan.

We care about your wellbeing and personal life. We offer vacation, sick, and personal time off policies, a generous 401K match, and strong healthcare benefits.

Your success at PayCargo is determined by the impact that you are making, and how well you collaborate with the various teams that you interact with. Everyone at PayCargo is empowered to take ownership to learn, self-improve, and master their skills in an environment focused on efficiency, collaboration, and purpose.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity employer.
