Cloud Security Engineer

Reports To: Head of Information Security

Happy Returns’ mission is to make returns easier for shoppers and more efficient for retailers, transforming returns from a costly friction point into a smooth, sustainable part of the e-commerce experience. We are an innovative, AI-driven company building secure, scalable, and intelligent solutions that empower our clients and internal teams alike. Our culture values curiosity, adaptability, and the drive to turn complex challenges into elegant, secure solutions.

The Cloud Security Engineer will play a critical role in designing, implementing, and maintaining secure cloud environments and DevSecOps initiatives. You will integrate automated security testing throughout the software development lifecycle (SDLC) and work closely with Engineering, Product, and IT teams to embed security by design across our cloud-native infrastructure.This position reports to the Head of Information Security. This role serves as the primary owner of Application Security across the organization and is responsible for driving secure development practices end-to-end.

It is ideal for a hands-on security engineer who thrives in collaborative, high-velocity environments and is passionate about security automation, compliance, and continuous improvement.

· Design, implement, and maintain secure CI/CD pipelines and workflows with automated SCA, SAST, and DAST scanning tools and processes.· Integrate security controls, guardrails, and validation checks into DevOps processes using leading technologies (e.g., GitHub Actions, Veracode, etc.)· Evaluate, deploy, and manage the next generation of application and infrastructure security tools and processes to support continuous monitoring and vulnerability management.· Partner with development and infrastructure teams to remediate identified risks, ensuring alignment with Happy Returns and Industry security best practices and compliance standards.· Hands-on experience performing both manual and automated web application/API security assessments, identifying and validating vulnerabilities, as well as verifying remediation efforts.· Manage and monitor the Application Security and cloud infrastructure (AWS) using Datadog, CloudWatch, CloudTrail, etc.· Collaborate with compliance and privacy teams to ensure adherence to data protection regulations (GDPR, CCPA, etc.) and company privacy principles.· Support secure integration and governance of SaaS applications and enterprise platforms.· Lead the evolution of our software security automation, threat modeling, and DevSecOps practices.

· Bachelor’s degree in computer science, Cybersecurity, or a related field (or equivalent experience).· Minimum of 5 years of hands-on experience in DevSecOps, Cloud Security, or related roles.· Must be a collaborative, team-oriented, self-starter capable of completing your workload with minimal supervision. Accountability is essential. Innovation is mandatory.· Proven experience securing CI/CD pipelines and embedding automated SCA, SAST, and DAST tools and modern DevSec processes.· Strong understanding of AWS security principles, including IAM, KMS, CloudTrail, Guard Duty, WAF, and related services.· Experience with Infrastructure-as-Code (IaC) security (Terraform, Pulumi, CloudFormation).· Ability to understand open source languages and how they are packaged in CI-CD workflows.· Experience with Scripting languages, Lambda functions, and automation principles.· Familiarity with compliance frameworks (SOC 2, ISO 42001, NIST, or similar).· Deep understanding of modern SDLC, containerization (Docker, Kubernetes), and API security practices.· The candidate must possess a strong background in offensive security testing, including penetration testing, threat modeling, and exploit discovery, to evaluate and enhance Happy Returns’ security posture.· Understanding and exposure to GenAI and AI Coding tools and concepts.· Strong analytical and problem-solving skills with the ability to translate complex issues into actionable solutions.

· Experience with SaaS application security, integration, and ticketing processes.· Working knowledge of Entra ID (Azure AD) and Microsoft 365 security features.· Experience with privacy and data protection regulations and privacy by design principles (GDPR, CCPA, etc.).· Relevant certifications (e.g., AWS Certified Security – Specialty, CISSP, CCSP, GIAC Cloud Security Engineer). 56100.00 To 188900.00 (USD) Annually