Cloud Security Engineer, Sr

Old National Bank has been serving clients and communities since 1834. With over $70 billion in total assets, we are a regional powerhouse deeply rooted in the communities we serve. As a trusted partner, we thrive on helping our clients achieve their goals and dreams, and we are committed to social responsibility and investing in our communities through volunteering and charitable giving.

We continually seek highly motivated and talented individuals as our people are critical to our success. In return, we offer competitive compensation with our salary and incentive program, in addition to medical, dental, and vision insurance. 401K, continuing education opportunities and an employee assistance program are also included in our benefit suite. Old National also offers a variety of Impact Network Groups led by team members who are passionate about driving engagement, creating awareness of diverse backgrounds and experiences, and building inclusion across the organization. We offer a unique opportunity to join a growing, community and client-focused company that is firmly rooted in its core values.

Old National Bank seeks an experienced Cloud Security Engineer with deep expertise in AWS and Azure security services, infrastructure as code, identity and access management, and leading third-party security tools. The ideal candidate has hands-on experience designing, implementing, and maintaining security controls across multi-cloud environments, as well as embedding security into the software development lifecycle (SSDLC) using Infrastructure as Code (IaC) through Terraform and CI/CD automation.

This role requires strong technical acumen, a proactive security mindset, and the ability to collaborate effectively across InfoSec, platform engineering, data engineering, and application development teams.

Salary Range

The salary range for this position is $98,400.00/Yr. - $199,000.00/Yr.. The base salary indicated for this position reflects the compensation range applicable to all levels of the role across the United States. Actual salary offers within this range may vary based on a number of factors, including the specific responsibilities of the position, the candidate's relevant skills and professional experience, educational qualifications, and geographic location.

Key Accountabilities

Cloud Security Architecture & Engineering

Design, implement, and maintain secure landing zones across AWS and Azure, using preventive guardrails to block deployment of security misconfigurations.
• Leverage cloud-native security services such as:
• AWS: IAM, KMS, Secrets Manager, Service Control Policies, Security Hub, GuardDuty, CloudTrail, Config, WAF, Inspector, etc.
• Azure: Azure AD, Defender for Cloud, Key Vault, Security Center, Sentinel, Policies, etc.
• Develop and enforce cloud security baselines, guardrails, and configuration standards.
• Support the creation and refinement of cloud control narratives that assert the security posture of our cloud landing zones.
• Implement deep observability to unify logs and metrics across multiple services to derive both real-time and historical insights.

Cloud Identity & Access Management

• Develop, manage, and engage in code review of complex IAM policies that define cross-account access patterns, ensuring adherence to the Principle of Least Privilege.
• Implement Just-in-Time access workflows that avoid long-lived credentials.
• Support emerging use cases for cloud with bespoke IAM identity and policies that maintain security posture and data privacy.

Vulnerability & Threat Management

• Utilize enterprise security tools such as Tenable, Qualys, and Snyk to:
• Identify, prioritize, and remediate vulnerabilities across cloud workloads.
• Track and report security posture improvements.
• Integrate automated scanning into CI/CD pipelines.

Secure SDLC & DevSecOps Integration

• Embed security early in the Secure Software Development Lifecycle (SSDLC).
• Partner with development teams to implement automated security testing.
• Integrate SAST, SCA, and IaC scanning tools into CI/CD pipelines.

Infrastructure as Code & Automation

• Write, review, and maintain Terraform configurations for cloud resource deployment.
• Implement automated security controls and monitoring via IaC.
• Build and maintain secure-by-default Terraform modules that enforce least privilege, encryption, and compliance requirements.

Monitoring, Detection, & Incident Response

• Develop and fine-tune cloud security monitoring using native and third-party tools.
• Assist in cloud-focused incident management/response, log analysis, forensics, and root cause investigations.
• Develop detective, preventive, and proactive controls to identify, prevent, and remediate security misconfigurations and anomalous activity.

Governance, Risk, & Compliance

• Ensure cloud environments align with frameworks such as NIST, CIS Benchmarks, SOC2, and ISO27001.
• Perform continuous compliance checks using AWS Config, Azure Policies, Terraform policies (OPA), and scanning tools.
• Support internal and external cloud security audits.

Key Competencies for Position

• Develops Talent - You Own You -You own your development and career. Actively assesses self by leveraging feedback to enhance knowledge, skills and behavior. Leverages own strengths and those of team members to meet individual and team goals supporting both internal and external client needs. Continuously develops self for current and future roles.
• Promotes Change - Actively seeks information to understand the rationale, implications, and impact for changes. Remains agile by quickly modifying daily behavior, leveraging resources, and trying new approaches to effectively embrace change. Willing to act quickly, learn and adjust as needed. Identifies and recommends changes to leadership to improve performance. Aligns activities to meet individual, team and organizational goals
• Strategy in Action - Breaks down larger goals into smaller achievable goals and communicates how they are contributing to the broader goal. Actively seeks to understand factors and trends that may influence role. Anticipates risks and develops contingency plans to manage risks. Identifies opportunities for improvement and seeks insights from other sources to generate potential solutions. Aligns activities to meet individual, team and organizational goals.
• Compelling Communication - Effectively and transparently shares information and ideas with others. Tailors the delivery of communication in a way that engages the audience and that is easy to understand and retain. Unites others towards common goal. Asks for others' opinions and ideas and listens actively to gain their support when clarifying expectations, agreeing on a solution and checking for satisfaction.
• Makes Decisions & Solves Problems - Takes ownership of the problem while collaborating with others on a resolution with an appropriate level of urgency. Collaborates and seeks to understand the root causes of problems. Evaluates the implications of new information or events and recommends solutions using decisions that are sound based on what is known at the time. Takes action that is consistent with available facts, constraints and probable consequences.
• Delights Clients -. Passionately serves internal/external clients with excellence. Maintains a growth mindset staying current with developments and trends in areas of expertise influencing client satisfaction both internally and externally. Understands data, metrics and/or financial information, and how they tie to client satisfaction and business outcomes related to position, client and/or team. Nurtures client relationships by listening, prioritizing, and acting responsibly to meet client needs, mitigate risk and add shareholder value.
• Leads Inclusively - Seeks diverse relationships to learn more about people from other cultures and backgrounds. Gathers information with curiosity and humility to learn more about people from other cultures and backgrounds including impacts on norms, behaviors and expectations (e.g., social norms, decision-making approaches, and preferences) Advocates for diverse perspectives. Continually examines own biases and behaviors to avoid stereotypical responses.
• Personifies ONB Culture - Consistently demonstrates Old National's culture and values in daily interactions. Models our values -how we show up in the workplace. Places the organization's goals before individual or team goals. Demonstrates the desire to be part of something beyond themselves by investing time, heart, and expertise to help clients and communities thrive.

Qualifications and Education Requirements

• 5-7+ years of experience in cloud security engineering or related roles.
• Deep practical knowledge of AWS and Azure security services.
• Proficiency with HashiCorp Terraform.
• Hands-on experience with Tenable, Qualys, Snyk, or similar vulnerability/scanning tools.
• Expertise in observability and incident management
• Strong understanding of:
• Identity and access management
• Network security and zero trust principles
• Encryption, key management, secrets management
• Data privacy best practices
• Experience implementing security practices in GitOps environments.
• Strong communication and documentation abilities
• Collaborative mindset with a focus on partnering with engineering teams
• Ability to manage multiple priorities and drive security initiatives independently

Preferred Qualifications

• Certifications such as:
• AWS Security Specialty, Azure Security Engineer Associate, CISSP, CCSP, GIAC Cloud Security (GCSA/GCLD)
• Experience with:
• Policy-as-code frameworks (OPA/Rego, HashiCorp Sentinel)
• Platform-as-a-Service and serverless services (AWS Lambda, DynamoDB, API Gateway, Azure Functions, etc.)
• Strong scripting skills (Python, Bash, PowerShell).

Old National is proud to be an equal opportunity employer focused on fostering an inclusive workplace and committed to hiring a workforce comprised of diverse backgrounds, cultures and thinking styles.

As such, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.

We do not accept resumes from external staffing agencies or independent recruiters for any of our openings unless we have an agreement signed by the Director of Talent Acquisition, SVP, to fill a specific position.

Our culture is firmly rooted in our core values.

We are optimistic. We are collaborative. We are inclusive. We are agile. We are ethical.

We are Old National Bank. Join our team!