Secure what powers every Coveo experience!
Are you driven to design secure-by-default cloud environments at scale? As a Cloud Security Developer at Coveo, you’ll protect and evolve the foundations of our cloud infrastructure across Amazon Web Services (AWS) and beyond.
You’ll operate at the intersection of security and infrastructure, building automation, guardrails, and detection capabilities that enable teams to move fast, without compromising trust. If you’re excited about hardening systems that power artificial intelligence (AI)-driven products used worldwide, this is your playground.
As one of our Cloud Security Developers, you will:
- Design and evolve secure cloud architectures across AWS, including network segmentation, encryption, identity and access management (IAM), and centralized logging.
- Build and enforce secure-by-default infrastructure using infrastructure as code (Terraform, AWS CloudFormation), embedding security controls directly into delivery workflows.
- Own and continuously improve access management models, implementing least-privilege policies, temporary access patterns, and cross-account strategies.
- Develop and enhance cloud detection, monitoring, and alerting capabilities using tools such as Amazon GuardDuty, AWS CloudTrail, and AWS Security Hub.
- Strengthen container and Kubernetes security, including workload isolation, image scanning, runtime protection, and network policies.
- Partner with infrastructure and engineering teams to review designs, support compliance initiatives (SOC 2, ISO 27001, CIS Benchmarks), and actively contribute to incident response.
Here is what will qualify you for the role:
- 5+ years of hands-on experience securing AWS environments, including IAM, virtual private cloud (VPC), key management service (KMS), logging, and multi-account strategies.
- Proficiency in Python for automation, tooling, and security integrations.
- Experience designing and securing cloud network architectures and implementing least-privilege access at scale.
- Practical experience with infrastructure as code (Terraform preferred) and production-grade Kubernetes security.
What will make you stand out:
- Experience with cloud security posture management (CSPM) platforms such as Prisma Cloud, Wiz, Lacework, or AWS-native equivalents.
- Background in cloud detection and response, including rule development, automated remediation playbooks, or forensic investigations.
- Experience implementing zero-trust architectures or advanced micro-segmentation strategies.
- Relevant certifications such as AWS Security Specialty, Certified Kubernetes Security Specialist (CKS), Certified Cloud Security Professional (CCSP), or AWS Solutions Architect.
Do you think you can bring this role to life? Send us your application, we want to hear from you!
Join the Coveolife!
We encourage all qualified candidates to apply regardless of, for example, age, gender, disability, gaps in CV, national or ethnic background.
This job description was written by humans, assisted by AI. We may leverage technology in our hiring process to help us see the person behind the resume.
Coveo is committed to providing accessible employment practices. If you require accommodation due to a disability at any point during the recruitment process, please contact HR@Coveo.com to discuss your needs.