DevOps Engineer II (Cloud Security)

country: US all locations: [Boston, MA] commitment: department: location: Boston, MA team: Software RESPONSIBILITIES:: Design, implement, and manage scalable, secure cloud infrastructure in AWS using Infrastructure as Code (IaC) tools such as Terraform Build and manage IAM systems, access controls, and least-privilege policies to reduce risk and limit blast radius Implement automation and tooling to detect misconfigurations, privilege escalation risks, and anomalous behavior Build and maintain secure, reliable, and auditable AWS and Kubernetes environments across multiple accounts and services Improve secrets management, key rotation, and secure service-to-service authentication patterns Collaborate with platform, product, and data science teams to deliver resilient infrastructure that enables rapid product development and member trust. Contribute to the automation of cloud operations, from CI/CD pipelines to monitoring and alerting systems. Develop and enforce guardrails for cloud security and compliance, including IAM, backups, logging, and configuration management. Participate in incident response and troubleshooting for infrastructure and security events. Participate in audits and compliance efforts by ensuring infrastructure is observable, auditable, and well-documented Drive best practices in reliability, performance, cost optimization, and security across the platform. QUALIFICATIONS:: 2-4 years of experience in DevOps, Site Reliability Engineering, or Cloud Infrastructure roles Hands-on experience with AWS services, including IAM, VPC, EC2, S3, and CloudTrail Experience with Infrastructure as Code in production environments (Terraform preferred). Strong understanding of cloud security and reliability principles, including least privilege, logging/monitoring, resource isolation, and disaster recovery. Experience with containerized platforms such as Kubernetes or Amazon EKS. Proficiency with scripting or programming languages (Python, Go, Java, or Bash). Familiarity with CI/CD pipelines, secrets management, and automated security or reliability tooling. Strong problem-solving skills and ability to debug complex distributed systems Effective communication skills and ability to collaborate across teams BONUS QUALIFICATIONS:: Experience with cloud security tooling (e.g., CSPM, CNAPP, SIEM platforms) Experience with compliance frameworks (e.g. SOC 2, HIPAA, GDPR, SOX, and/or SaMD). Experience implementing policy-as-code or access control frameworks Exposure to modern edge and delivery technologies such as Cloudflare, CDN configuration, and TLS/SSL certificate management. ABOUT YOU:: You thrive on ownership and want to shape the foundation of WHOOP’s platform. You believe security should enable developers, not block them, and strive to build guardrails over gates You enjoy automating manual processes and building scalable solutions to reduce risk You are curious about how systems fail and motivated to proactively prevent issues You value simplicity, reliability, and clarity in system design You collaborate well across teams and communicate technical concepts clearly