Cloud Security Engineer

Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future. We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.

• •Own and continuously improve Polymarket's AWS security posture across accounts, regions, and services — including IAM policies, SCPs, VPC segmentation, and account-level security baselines
• •Review and contribute to IaC modules that encode security defaults; integrate automated security checks into the deployment pipeline including policy-as-code validation and misconfiguration scanning
• •Own cloud-side security telemetry: CloudTrail, GuardDuty, Security Hub, Config Rules, VPC Flow Logs, and S3 access logging
• •Develop and tune detection logic for cloud-specific threats; partner with the SOC team on alert fidelity, incident response runbooks, and AWS-level investigations
• •Govern secrets management using AWS Secrets Manager and SSM Parameter Store; manage KMS key policies, rotation, and envelope encryption patterns
• •Drive remediation of findings from AWS Inspector, Security Hub, and third-party CSPM tooling; maintain benchmarks aligned to CIS AWS Foundations
• •Support audit and compliance activities (SOC 2, PCI-DSS, or similar) and conduct regular access reviews to identify and remediate privilege creep

• •Competitive salary & equity
• •Unlimited PTO
• •Full Health, Vision, & Dental coverage
• •401k match
• •Hardware setup: new MacBook Pro, big display, & accessories

• •4+ years of experience in cloud security, cloud engineering, or a security-focused infrastructure role
• •Deep, hands-on expertise with AWS security services: IAM, SCP, GuardDuty, Security Hub, CloudTrail, Config, KMS, WAF, Inspector, and VPC
• •Hands-on experience writing infrastructure as code (Pulumi, Terraform, CDK, or equivalent) with a security-first mindset
• •Strong understanding of AWS networking and how misconfigurations translate to real attack surface
• •Proficiency in at least one scripting or programming language (Python, TypeScript, or Go) for automation and tooling
• •Ability to evaluate architectural decisions for security risk and communicate findings clearly to engineering peers
• •(Plus) Familiarity with Pulumi, specifically TypeScript-based stacks
• •(Plus) Familiarity with Web3, blockchain infrastructure, or crypto-sector threat models
• •(Plus) Experience securing containerized workloads on ECS or EKS, including image scanning and runtime security
• •(Plus) AWS certifications: Security Specialty, Solutions Architect — Professional, or equivalent
• •(Plus) Exposure to SOC 2 Type II or PCI-DSS cloud control requirements