Job Description

Island is the ideal environment for enterprise work, where security is everywhere without ever getting in the way.

The Island Enterprise Platform unifies AI enablement, network access, data protection, identity, and endpoint control into one coherent workspace—so organizations get universal visibility and control, and users get a fast, fluid, beautifully simple experience. It's not just a better way to secure work. It's a better way to work. Backed by investors like Coatue Management, Insight Partners, Sequoia Capital and Cyberstarts, and trusted by some of the largest, most respected enterprises on the planet, Island is redefining what the modern workplace can be.

Come join us in building something that's already changing how the world works, we’re always looking for world-class human beings (not resumes) to join the movement.

As a Cloud Security Lead (Cloud Security Architecture & Hardening) at Island, you will design, implement, and enhance the security of our mission-critical cloud infrastructure and the Island Enterprise Browser by establishing robust security architectures, implementing proactive hardening controls, and driving continuous operational excellence. You will play a critical role in safeguarding our cloud environment, shaping the foundational security posture through precision, innovation, and design foresight.

Key Responsibilities

• Cloud Security Architecture & Hardening: Design and enforce security baselines, configurations, and reference architectures across our multi-cloud footprint (AWS/GCP/Azure). Evaluate new cloud services and features for security implications and create hardened deployment standards for IaaS, PaaS, and serverless components.
• Security Engineering & Automation: Develop and deploy security-as-code solutions, integrating security controls directly into CI/CD pipelines and leveraging Infrastructure-as-Code (IaC) tools to ensure continuous configuration integrity and compliance. Develop custom automation for detection, alerting, and triage workflows, leveraging cloud SDKs and APIs.
• Cloud Security Monitoring & Observability: Design, implement, and maintain cloud-native security monitoring solutions (e.g., utilizing services like CloudTrail, GuardDuty, Security Command Center) to ensure comprehensive visibility across the cloud control plane and data plane.
• Incident Triage & Response: Support the security team in investigating and responding to critical security events and vulnerabilities, creating runbooks, and contributing to post-incident remediation and architectural improvements.
• Security Enablement & Awareness: Collaborate with product, engineering, and IT teams to improve security awareness, deliver training, and drive adoption of security best practices across Island, specifically for IaaS, PaaS, and secure DevOps practices.

Requirements

• Deep expertise in designing, implementing, and reviewing secure cloud architectures, including network segmentation, policy enforcement, and infrastructure hardening.
• Expert knowledge of cloud security principles and secure DevSecOps practices, including experience securing Kubernetes/containerized workloads, managing cloud identity (IAM), and establishing security baselines.
• Proficiency in scripting and automation (e.g., Python, Bash, PowerShell) to build scalable security tooling, including extensive experience with Infrastructure-as-Code (IaC) security and policy-as-code tools.
• Strong understanding of detection engineering, security operations workflows, and vulnerability management, with a specific focus on protecting cloud infrastructure and services.
• Hands-on experience (3+ years) with Cloud Security Posture Management (CSPM) tools, cloud security monitoring solutions, and security information/event management (SIEM).
• Solid grasp of modern attack techniques, threat actor behaviors, and vulnerability exploitation patterns in cloud environments (e.g., misconfigurations, cloud identity compromises).
• Curiosity-driven, operations-focused mindset with a passion for keeping adversaries out and operations resilient.
• Experience in building or running purple teaming activities is a strong plus, particularly penetration testing of cloud infrastructure and identifying design flaws.