Cloud Security Engineer
Description
Tyler Technologies is seeking an experienced Cloud Security Engineer to support our Data and Insights (D&I) solutions within the Security team. This role offers a meaningful opportunity to shape the security posture of our D&I cloud platform, embed security-focused practices into our engineering workflows, and support the ongoing operation and evolution of our FedRAMP Moderate Authorization to Operate (ATO).
As a Cloud Security Engineer, you will partner closely with infrastructure, product, and engineering teams in a fast-paced, results-driven environment, contributing hands-on expertise to secure, compliant, and resilient cloud services that support transformational change across Tyler’s platform.
The D&I solutions serves as Tyler Technologies' central hub for data, reporting, analytics, and artificial intelligence capabilities. Our teams build and maintain the foundational services and solutions that enable data-driven innovation across Tyler's product portfolio. We empower teams throughout the organization to incorporate advanced analytics, AI, and data-driven features into their products, ultimately helping government agencies make better decisions and serve their communities more effectively. Team members contribute their expertise to reduce complexity, introduce innovative solutions, and advance Tyler's data-driven future.
Responsibilities
- Own cloud security architecture and technical controls across AWS environments. Designing and operating scalable, auditable safeguards that support FedRAMP, CJIS, HIPAA, and GDPR workloads.
- Execute and sustain FedRAMP Moderate technical requirements in production. Partnering with Product Security and GRC peers to maintain control effectiveness, remediate findings, and support ongoing authorization activities.
- Build and enforce automated cloud security guardrails. Establishing configuration baselines, policy enforcement, and drift detection to prevent non-compliant infrastructure changes.
- Secure AWS network boundaries and regulated data flows. Ensuring segmentation, ingress and egress controls, and inspection patterns meet regulatory and organizational security requirements.
- Support cryptographic and platform security standards. Ensuring encryption, key management, and platform configurations align with regulatory expectations and industry best practices.
- Lead security readiness for significant architectural change. Performing technical security impact analysis for new services, infrastructure changes, and boundary expansions before production deployment.
- Integrate cloud security telemetry into detection and response workflows. Ensuring logging and security signals support continuous monitoring, investigations, and audit evidence needs.
- Embed cloud security into infrastructure and delivery workflows. Collaborating with Infrastructure Engineering to integrate security controls into infrastructure-as-code and CI/CD processes.
- Apply cloud security controls across multi-regulatory environments. Supporting CJIS, HIPAA, and GDPR workloads while reducing one-off solutions and improving consistency.
- Contribute to cloud security strategy and maturity. Helping define the D&I cloud security roadmap, identifying opportunities for automation, and evolving security practices over time.
Qualifications
Soft Skills
- Accountable and Self-Directed. Owns work end-to-end, makes sound decisions with limited direction, and accepts responsibility for outcomes in regulated cloud environments.
- Strong Judgment and Decision-Making. Evaluates risk thoughtfully, anticipates downstream impacts, and balances security, compliance, and delivery realities.
- Clear and Credible Communicator. Explains complex cloud security and compliance topics clearly to engineers, auditors, customers, and non-technical stakeholders; documents decisions and evidence with precision.
- Highly Organized and Reliable. Manages multiple concurrent efforts, meets deadlines consistently, and produces accurate, audit-ready work products.
- Resilient and Adaptable. Able to manage shifting priorities, audit pressure, and evolving regulatory requirements without sacrificing quality or professionalism.
- Detail-Oriented with Systems Thinking. Understands how individual cloud or configuration decisions affect broader platform risk, compliance posture, and customer trust.
- Pragmatic and Solutions-Focused. Seeks practical, sustainable security outcomes rather than theoretical perfection; knows how to move work forward within constraints.
- Collaborative and Team-Oriented. Works effectively across security, infrastructure, engineering, and compliance teams; contributes to shared goals without seeking credit.
- Open to Feedback and Continuous Improvement. Actively seeks input, learns from experience, and continuously develops skills aligned with role expectations and organizational goals.
Tools and Technologies
- AWS cloud security and infrastructure services, including IAM, VPC networking, Security Groups/NACLs, CloudTrail, GuardDuty, AWS Config, Security Hub, KMS, and CloudWatch.
- Infrastructure as Code (IaC) using tools such as Terraform or CloudFormation, with an emphasis on secure, repeatable deployments and configuration baselines.
- Linux-based operating systems (e.g., Amazon Linux, Ubuntu) with strong command-line proficiency and an understanding of OS-level hardening.
- Network security fundamentals, including segmentation, private connectivity patterns, ingress/egress controls, and secure service-to-service communication.
- Cloud-native security monitoring and logging, including centralized log aggregation, alerting, investigation, and correlation across infrastructure and security telemetry.
- Vulnerability and cloud security posture management, including misconfiguration detection, risk prioritization, and remediation tracking in cloud environments.
- Security automation and scripting, using languages such as Python or Bash to validate configurations, collect compliance evidence, and reduce manual effort.
- Secure CI/CD and engineering collaboration practices, including integrating security checks into pipelines and reviewing infrastructure, configuration, and policy changes via pull requests in GitHub.
- Experience securing containerized workloads in AWS, including an understanding of ECS and Fargate security models, task and execution IAM roles, networking and isolation boundaries, logging, and shared responsibility considerations.
- Experience working with modern cloud security tooling, including infrastructure and cloud-focused code scanning, cloud security posture management, endpoint and workload telemetry, and centralized log analysis platforms
- (e.g., GitHub Advanced Security, Tenable Cloud Security, CrowdStrike, Sumo Logic; familiarity with tools such as Nessus, AquaSec, Invicti, and CI/CD platforms like Jenkins or GitHub Actions is a plus)
- Working knowledge of NIST-based security frameworks, particularly NIST SP 800-53, with the ability to map technical implementations to control intent and audit evidence.
- Experience supporting compliance-driven environments, such as FedRAMP Moderate, CJIS, HIPAA, SOC 2, or similar regulated frameworks.
- Identity, access, and cryptography fundamentals, including least privilege, service roles, federated access, MFA enforcement, encryption in transit and at rest, certificate management, and FIPS-aligned cryptographic practices.
- Ability to pass a federal background check and obtain and maintain CJIS clearance required
- Other
- Bachelor's degree in Computer Science, Engineering, Mathematics, Information Systems, or a related field preferred
- Valued Certifications: AWS Security Specialty, AWS Solutions Architect, CompTIA Security+, CISSP
Candidates with less experience directly applicable to this position will be considered. You belong here! Not everyone checks every single box, and we encourage you to apply.