SR Cloud Security Engineer
<p><b>A World-Class Team</b></p><p></p><p>BJs Wholesale Club is powered by more than 30,000 team members who make a real impact every day. Whether you're stocking shelves, solving problems or shaping strategy, your work helps families save on what matters most.</p><p></p><p> Were a team built on purpose and opportunity. Join us and be part of something meaningful.</p><p></p><p><b> Why Youll Love Working at BJs</b></p><p>At BJs Wholesale Club, our team members are at the heart of everything we do. Thats why we offer a comprehensive benefits package designed to support your health, well-being and future both on and off the job. When you grow, we grow.</p><p></p><p><b> Heres just some of what you can look forward to:</b></p><ul><li><b>Weekly Pay: </b>Get paid every weekso that you can manage your money on your terms.</li><li><b> Free BJs Memberships: </b>Enjoy a complimentary The Club Card Membership, plus a free Supplemental Membership for someone in your household.*</li><li><b>Generous Paid Time Off: </b>Take the time you need with vacation, personal, sick days, holidays, bereavement, and jury duty leave.*</li><li><b>Flexible and Affordable Health Benefits: </b>Choose from three medical plans, and access optional dental, vision, Health Savings Account (HSA), and flexible spending account options to fit your lifestyle.*</li><li><b>401(k) Retirement Savings Plan: </b>Build your financial future with a company match (available to team members 18 and older).*</li><li><b>Employee Stock Purchase Plan:</b> Accumulate funds through after-tax payroll deductions that can be used to purchase shares of BJs common stock at a 15% discount.*</li></ul><p></p><p>*Eligibility requirements vary by position.</p><p><b> Job Summ</b>ary:</p><p>BJs is seeking a Cloud Security Engineer to help secure and operate our cloud environments across AWS, Azure, and GCP. This is a handson engineering role responsible for evaluating cloud and application designs, operating cloud security tooling, and driving remediation of security findings in partnership with engineering and platform teams.</p><p> The Cloud Security Engineer plays a key role in strengthening cloud security posture by balancing security requirements with operational realities. This role is wellsuited for an engineer who can work independently, apply sound technical judgment, and collaborate across teams to reduce risk and improve security outcomes at scale.</p><div></div><p><b> What Youll Do</b></p><ul><li>Perform security architecture and design reviews for cloud services, applications, and technologies, providing clear and actionable guidance to engineering teams.</li><li> Evaluate cloud designs for security controls including identity and access management, encryption, logging, monitoring, and network protections.</li><li> Contribute to the definition and ongoing improvement of cloud security standards, reference architectures, and configuration baselines.</li><li> Implement, operate, and tune security tooling used for visibility, monitoring, detection, and response across AWS, Azure, and GCP.</li><li> Own the triage, validation, prioritization, and remediation tracking of cloud security findings generated by CSPM and related tooling.</li><li> Partner with cloud, infrastructure, and application teams to ensure remediation is effective and sustainable.</li><li> Identify opportunities to automate repetitive security tasks or control validations to improve efficiency, consistency, and scalability of cloud security operations.</li><li> Support infrastructure hardening and patch compliance efforts across cloud and onprem environments.</li><li> Perform riskbased analysis of vulnerability findings, including false positive validation and remediation tracking.</li><li> Work with platform and operations teams to improve vulnerability management and patching workflows over time.</li><li> Review application designs and implementation patterns to ensure alignment with Secure SDLC and secure coding expectations.</li><li> Support application security activities including static, dynamic, and dependency scanning and analysis.</li><li> Assist development teams in understanding and remediating application security findings.</li><li> Provide operational support for web application security technologies such as Web Application Firewalls (WAF) and related edge controls, including Akamai where applicable.</li><li> Support certificate lifecycle management by maintaining inventory accuracy, tracking renewals, coordinating deployments, and reducing certificaterelated risk.</li><li> Contribute to improving certificate management processes, documentation, and visibility.</li><li> Develop and maintain security documentation, runbooks, and standard operating procedures.</li><li> Contribute to metrics and reporting that provide visibility into cloud and application security risk.</li><li> Participate in security initiatives and continuous improvement efforts by contributing handson execution and technical insight.</li></ul><p></p><p><b> What Were Looking For</b></p><p><b>Required Qualifications:</b></p><ul><li>Bachelors degree in Computer Science, Information Security, or equivalent practical experience.</li><li> 46 years of handson experience in cloud engineering, systems engineering, or security engineering roles.</li><li> Experience securing workloads in AWS, Azure, and/or GCP.</li><li> Strong understanding of cloud security controls including IAM, logging, monitoring, encryption, and threat detection.</li><li> Experience operating security controls in highly available, production environments.</li><li> Handson experience with scripting or automation (Python, Bash, PowerShell).</li><li> Working knowledge of infrastructureascode or configuration management tools such as Terraform, CloudFormation, ARM, Puppet, or Ansible.</li><li> Understanding of Secure SDLC concepts and common application security controls.</li><li> Familiarity with security frameworks or compliance requirements such as NIST, PCI DSS, CIS, or ISO 27001.</li><li> Strong communication skills and ability to collaborate effectively with engineering teams.</li></ul><p></p><p><b> Nice to Have</b></p><ul><li>Experience operating CSPM tooling and driving remediation of cloud configuration findings.</li><li> Exposure to application security tools such as SAST, SCA, or DAST.</li><li> Familiarity with certificate management platforms or enterprise PKI (e. g., DigiCert, AppViewX).</li><li> Experience with edge or application security technologies such as Akamai Control Center or Akamai WAF.</li><li> Prior involvement in vulnerability management or security operations programs.</li><li> Experience with containerized environments (Docker required; Kubernetes preferred).</li></ul><p></p><p><b> Preferred Certifications</b></p><ul><li>CompTIA Security+</li><li>AWS or Azure Security certifications</li><li>CCSP</li></ul><p></p><p style="text-align:inherit"></p><p style="text-align:inherit"></p><p style="text-align:left"><span>This is a hybrid role. Tuesday through Thursday are in-office days at BJ's Club Support Center in Marlborough, MA and Monday and Friday are remote days.</span></p><p style="text-align:inherit"></p><p style="text-align:inherit"></p> In accordance with the Pay Transparency requirements, the following represents a good faith estimate of the compensation range for this position. At BJs Wholesale Club, we carefully consider a wide range of non-discriminatory factors when determining salary. Actual salaries will vary depending on factors including but not limited to location, education, experience, and qualifications. The pay range for this position is $100,000.00 - $131,500.00<p></p><p></p>We recognize the growing role of AI tools, including ChatGPT, and value familiarity with them. That said, we want to hear from your authentic self. Your application should reflect your own skills, experiences, and insights rather than AI-generated responses.
|
