Cloud Security Engineer

## About Polymarket Polymarket is the world's largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized "house," Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future. We're growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.

## What You'll Do - Own and continuously improve Polymarket's AWS security posture across accounts, regions, and services — including IAM policies, SCPs, VPC segmentation, and account-level security baselines - Review and contribute to IaC modules that encode security defaults; integrate automated security checks into the deployment pipeline including policy-as-code validation and misconfiguration scanning - Own cloud-side security telemetry: CloudTrail, GuardDuty, Security Hub, Config Rules, VPC Flow Logs, and S3 access logging - Develop and tune detection logic for cloud-specific threats; partner with the SOC team on alert fidelity, incident response runbooks, and AWS-level investigations - Govern secrets management using AWS Secrets Manager and SSM Parameter Store; manage KMS key policies, rotation, and envelope encryption patterns - Drive remediation of findings from AWS Inspector, Security Hub, and third-party CSPM tooling; maintain benchmarks aligned to CIS AWS Foundations - Support audit and compliance activities (SOC 2, PCI-DSS, or similar) and conduct regular access reviews to identify and remediate privilege creep

## What We're Looking For - 4+ years of experience in cloud security, cloud engineering, or a security-focused infrastructure role - Deep, hands-on expertise with AWS security services: IAM, SCP, GuardDuty, Security Hub, CloudTrail, Config, KMS, WAF, Inspector, and VPC - Hands-on experience writing infrastructure as code (Pulumi, Terraform, CDK, or equivalent) with a security-first mindset - Strong understanding of AWS networking and how misconfigurations translate to real attack surface - Proficiency in at least one scripting or programming language (Python, TypeScript, or Go) for automation and tooling - Ability to evaluate architectural decisions for security risk and communicate findings clearly to engineering peers - (Plus) Familiarity with Pulumi, specifically TypeScript-based stacks - (Plus) Familiarity with Web3, blockchain infrastructure, or crypto-sector threat models - (Plus) Experience securing containerized workloads on ECS or EKS, including image scanning and runtime security - (Plus) AWS certifications: Security Specialty, Solutions Architect — Professional, or equivalent - (Plus) Exposure to SOC 2 Type II or PCI-DSS cloud control requirements

## Benefits - Competitive salary & equity - Unlimited PTO - Full Health, Vision, & Dental coverage - 401k match - Hardware setup: new MacBook Pro, big display, & accessories

Polymarket is the world's largest prediction market platform where users trade on the outcomes of real-world events such as politics, sports, economics, and more, using USDC cryptocurrency on the Polygon blockchain. It provides real-time odds reflecting news, polls, and events, and operates globally with a US-regulated entity.