Cloud Security Analyst
-
Contract Length: 6 Months
Location: Calgary or Edmonton, Alberta
-
Raise is currently hiring a Cloud Security Analyst on behalf of our client. They’re expanding their team to meet growing needs, making this a unique opportunity to work with an industry leader. Our Client is a market leading financial institution
Note: The primary pay rate is based on T4 classification; however, we will also consider applications from candidates interested in an INC classification, where applicable.
Description
As a Cloud Security Analyst, you will play a critical role in safeguarding our clients enterprise cloud ecosystem. This position is highly collaborative and technically focused, serving as the bridge between raw security telemetry and engineering execution. You will continuously monitor our Google Cloud Platform (GCP) environments, triage risk, and partner directly with cloud platform, DevOps, and application engineering teams to drive meaningful vulnerability remediation.
This isn't a role for a passive "scanner operator." You will actively hunt for misconfigurations, manage privilege risk, embed guardrails directly into CI/CD pipelines, and translate complex cloud threats into clear, actionable technical context for our engineering partners.
What Success Looks Like in this Role
-
First 30 Days: Gain a deep understanding of the clients current GCP footprint, take over administration of the Wiz platform, and build initial relationships with key Cloud and DevOps engineering leads.
-
First 90 Days: Successfully integrate Wiz platform findings into the enterprise WVRS framework for unified reporting, and establish a repeatable triage and intake pipeline for engineering teams.
-
Beyond: Drive a measurable reduction in cloud asset visibility gaps, significantly reduce stale or over-privileged service accounts, and shift security left by embedding standard baselines into Terraform repositories.
Responsibilities
-
Continuously monitor GCP environments for misconfigurations, vulnerabilities, exposed secrets, excessive permissions, and toxic combinations, and drive them to resolution.
-
Triage and prioritize cloud findings based on exploitability and business impact, and integrate scoring into enterprise vulnerability risk framework (WVRS) for unified reporting alongside application security findings.
-
Partner with cloud platform, DevOps, and application engineering teams to remediate findings, providing clear guidance and technical context rather than just raw scan output.
-
Maintain an accurate, continuously updated inventory of cloud assets, workloads, and identities to close visibility gaps and eliminate shadow infrastructure.
-
Define and maintain secure configuration baselines and guardrails for GCP, working with Platform/Cloud Engineering to embed controls into infrastructure-as-code and CI/CD pipelines.
-
Partner with Enterprise IAM to identify and reduce excessive cloud permissions, service account sprawl, and privilege escalation paths.
-
Own the intake, tracking, and escalation process for cloud security findings, ensuring clear ownership and SLA-driven remediation across engineering teams.
-
Perform ad hoc validation and risk reviews for high-risk changes, new cloud workloads, or emerging cloud threats.
-
Produce clear, recurring reporting on cloud risk posture, remediation velocity, and trends for technology leadership and governance stakeholders.
Stay current on cloud-native attack techniques, provider security capabilities, and evolving best practices, and bring recommendations back into the program.
-
Qualifications
-
3+ years of dedicated experience in cloud security, vulnerability management, or cloud engineering with a heavy security focus.
-
Experience working within an enterprise environment (financial services or regulated industries is a strong asset) utilizing structured vulnerability management frameworks.
-
Hands-on GCP Security Expertise: Deep technical understanding of Google Cloud Platform security controls, logging (Cloud Logging/Cloud Monitoring), and native security capabilities.
-
Cloud IAM & Privilege Risk Fluency: Strong grasp of cloud identity boundaries, least-privilege enforcement, service account governance, and cross-project access risks.
-
Wiz Platform Administration: Direct, hands-on experience administering and leveraging the Wiz platform to detect cloud risks, graph toxic combinations, and manage remediation workflows.
-
IaC & CI/CD Literacy: Functional understanding of infrastructure-as-code (Terraform) and modern deployment pipelines. Ability to read code and understand how to embed guardrails into engineering workflows.
-
Technical Influence & Remediation Driving: Proven ability to build strong relationships with developers and platform engineers, translating security vulnerabilities into clear, actionable engineering steps.
-
Education and Certifications
-
Degree or diploma in Computer Science, Cyber Security, Information Technology, or equivalent practical experience.
-
Valued certifications include: Google Certified Professional Cloud Security Engineer, Wiz Certified specialist designations, CISSP, or CCSP.
Additional Information
-
A requirement for candidates to be considered for this role will be to complete a criminal and credit check (including Canadian Credit Risk Score
Looking for meaningful work? We can help!
Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.
We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.
We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/
In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting (or have any other questions), please contact us at +1 800-567-9675 or [email protected].
#WES
#LI-SC1