Security Cloud Architect

Job Summary

WEX, Inc. is looking for a Security Architect with a focus on cloud security posture management CSPM and infrastructure-as-code IaC security. This individual is responsible for the continuous assessment and validation of security configurations across our multi-cloud AWS, Azure, GCP and Kubernetes environments. You will ensure security policies are correctly applied and identify configuration drift using automated tooling to reduce the organization’s attack surface.

About the Team & Role

We’re the Global Information Security Team at WEX, responsible for implementing and operating security technologies and processes throughout WEX. We partner closely with internal teams and customers to assure WEX operates in a secure and compliant manner. Our team holds itself to a high-standard and we collaborate closely with one another to ensure strong, reliable and effective relationships. We own our results and we take pride of ownership in everything we do.

Changing the world isn’t easy, and we have a lot of work ahead of us. From securing applications, data centers and cloud resources, we’ve got more work than we can handle and we’re looking for great people to come along for the ride. 

How you’ll make an impact

• Cloud Security Posture Management (CSPM): Operate and tune the organization’s CSPM platforms to provide continuous visibility into the security posture of cloud accounts and Kubernetes clusters.
• IaC Security & Automation: Manage and utilize IaC scanning tools (e.g., Checkov, Terrascan) within CI/CD pipelines to identify and remediate risks before they reach production.
• Design Validation & Standardization: Conduct technical design reviews for cloud solutions to ensure they adhere to multi-cloud security reference architectures and IaaS/PaaS security baselines.
• Remediation & Code Fixes: Work directly with DevOps teams to propose code-level fixes (Pull Requests) for non-compliant Terraform or CloudFormation templates.
• Container Security Support: Collaborate with the other security team members to interpret vulnerability findings and align remediation priorities for image and registry scanning.
• Continuous Monitoring: Conduct regular security health checks on high-risk environments and track remediation efforts to resolution.

Experience you’ll bring

• Are a Subject Matter Expert in cloud-native security controls across multiple providers AWS, Azure, and/or GCP.
• Have deep experience with Infrastructure-as-Code (Terraform, CloudFormation) and how to secure it through automated scanning.
• Understand the security nuances of Kubernetes and containerized workloads.
• Can deliver actionable security guidance that bridges the gap between a high-level security policy and a low-level technical implementation.
• Write comprehensive reports and remediation plans based on CSPM and IaC assessment findings.
• Have solid progressive experience in information security, cloud engineering, or systems administration.
• Hands-on experience with native security controls in multi-account cloud environments.
• Have some experience with CSPM tools and IaC scanning technologies.
• Are proficient in reviewing and troubleshooting Infrastructure-as-Code (Terraform or similar).
• Have a strong, practical understanding of CI/CD pipelines and how to integrate security gates within them.
• Have excellent communication skills, both written and verbal.

It would be nice if you have:

• Experience or strong interest in Cloud and Kubernetes penetration testing or adversarial simulation.
• Experience contributing to Service Control Policies (SCPs) or cloud-wide governance policies.
• Relevant cloud security certifications (e.g., AWS Certified Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer).
• Proficiency in scripting (Python, Go, or Bash) for security automation.