Remote; New York
Full time
Remote
Engineering
Polymarket is the world’s largest prediction market platform. We enable individuals to express views on real-world events by trading on outcomes across politics, economics, sports, culture, and current affairs. Built as a peer-to-peer marketplace with no centralized “house,” Polymarket aggregates diverse opinions into transparent, market-based probabilities that reflect collective expectations about the future.
We’re growing fast — both in terms of volume ($21B traded in 2025) and adoption as an alternative news source. Our ambition is to become a ubiquitous beacon of truth in global media and we need your help adding fuel to the fire.
Polymarket is hiring a Cloud Security Engineer to own the security posture of our AWS environment. You’ll be embedded in our engineering and security teams, designing and enforcing security controls directly in infrastructure code, building guardrails that scale with the product, and reducing risk without slowing down engineering velocity.
This role is hands-on and highly cross-functional. You’ll work closely with DevOps, Platform, and Application Engineering to make secure-by-default the path of least resistance.
Own and continuously improve Polymarket’s AWS security posture across accounts, regions, and services — including IAM policies, SCPs, VPC segmentation, and account-level security baselines
Review and contribute to IaC modules that encode security defaults; integrate automated security checks into the deployment pipeline including policy-as-code validation and misconfiguration scanning
Own cloud-side security telemetry: CloudTrail, GuardDuty, Security Hub, Config Rules, VPC Flow Logs, and S3 access logging
Develop and tune detection logic for cloud-specific threats; partner with the SOC team on alert fidelity, incident response runbooks, and AWS-level investigations
Govern secrets management using AWS Secrets Manager and SSM Parameter Store; manage KMS key policies, rotation, and envelope encryption patterns
Drive remediation of findings from AWS Inspector, Security Hub, and third-party CSPM tooling; maintain benchmarks aligned to CIS AWS Foundations
Support audit and compliance activities (SOC 2, PCI-DSS, or similar) and conduct regular access reviews to identify and remediate privilege creep
4+ years of experience in cloud security, cloud engineering, or a security-focused infrastructure role
Deep, hands-on expertise with AWS security services: IAM, SCP, GuardDuty, Security Hub, CloudTrail, Config, KMS, WAF, Inspector, and VPC
Hands-on experience writing infrastructure as code (Pulumi, Terraform, CDK, or equivalent) with a security-first mindset
Strong understanding of AWS networking and how misconfigurations translate to real attack surface
Proficiency in at least one scripting or programming language (Python, TypeScript, or Go) for automation and tooling
Ability to evaluate architectural decisions for security risk and communicate findings clearly to engineering peers
(Plus) Familiarity with Pulumi, specifically TypeScript-based stacks
(Plus) Familiarity with Web3, blockchain infrastructure, or crypto-sector threat models
(Plus) Experience securing containerized workloads on ECS or EKS, including image scanning and runtime security
(Plus) AWS certifications: Security Specialty, Solutions Architect — Professional, or equivalent
(Plus) Exposure to SOC 2 Type II or PCI-DSS cloud control requirements
Competitive salary & equity
Unlimited PTO
Full Health, Vision, & Dental coverage
401k match
Hardware setup: new MacBook Pro, big display, & accessories
Other similar jobs that might interest you
