[[Open to Brazil and Costa Rica-based applicants]]

Position Overview

GRIN is seeking a Cloud Security Engineer to cultivate a security-first mindset within our organization. As part of the Cloud Security team at GRIN, you’ll partner with our DevOps, Engineering, and IT teams to engineer, develop, build, manage, maintain, and implement secure solutions from the ground up. In this role, you will also ensure that our platform remains compliant with industry standards and regulations.

Responsibilities
• Cloud Security Standards: Drive the development and adoption of cloud security standards, best practices, and technologies within GRIN’s products and cloud infrastructure to enable security and privacy by design, ultimately ensuring a highly secure and compliant SaaS platform.
• Security Posture: Ensure the security posture of our cloud platforms through continuous monitoring, policy enforcement, and adherence to industry regulations.
• Collaboration: Work in conjunction with multiple teams to enable secure and compliant cloud deployments.
• Compliance & Auditing: Conduct and lead comprehensive assessments of information security and privacy policies and procedures against applicable regulations, laws, and standards. Automate compliance, auditing, and monitoring of controls.
• Policy Development: Develop, update, and maintain security standards, policies, and procedures in line with compliance requirements.
• User Access Management: Perform user access reviews, manage onboarding and offboarding of users and their accounts, and ensure proper adherence to access control policies.
• Risk Management: Perform compliance risk assessments for vendors, products, services, or processes, and collaborate on the remediation of identified gaps.
• Incident Detection & Response: Conduct security monitoring and data analysis to detect, respond to, and remediate security incidents.
• Security Awareness: Assist with the implementation of security awareness and education programs across the organization.
• Communication: Translate security and technical requirements into business requirements, effectively communicating risks to a diverse audience ranging from business leaders to engineers.

Qualifications
• Required:Cloud Security Expertise: 2+ years of experience building or developing solutions for cloud security, with a strong understanding of AWS, Infrastructure as Code (IaC), web application development, and DevOps practices.
• Compliance Auditing: Experience in compliance auditing, particularly in public cloud environments (AWS preferred), with familiarity in standards such as SOC 2, ISO 27001/27002, CCPA, and GDPR.
• Technical Security Skills: Strong knowledge of security technologies and architecture, including encryption, cloud network security design, and application security.
• Automation & Compliance: Experience with automating compliance, security, and governance tasks, including cloud configuration compliance monitoring and management.
• Passion for Security: A strong desire to fix security issues, coupled with curiosity, versatility, and a willingness to learn.
• Collaboration & Communication: Excellent written and verbal communication skills, with the ability to work collaboratively in a global team.
• Initiative & Independence: Ability to take initiative, be proactive, work independently, and adapt to a fast-paced, high-growth environment.
• Analytical Skills: Strong problem-solving and analytical abilities, with the capability to present complex information in a clear, concise manner.
• Nice to have:Certifications: Relevant certifications such as CISSP, CISA, CISM, AWS Solutions Architect, or other security certifications.
• Scripting & Automation: Experience with scripting languages (e.g., Python, Bash, PowerShell) and automation.