Job Description
            
                **Our mission is to make higher education accessible and affordable for everyone.**  We empower students with financial support and supercharge their ability to pay down their debt, so they can get on the right financial track, fast.
We build tools that help people feel in control of their financial future, including:
+  **Private student loans**  - low rates, people-first service, and flexible payments.
+  **Student loan refinancing**  - break free from high-interest rates or monthly payments.
+  **Scholarships**  - access to thousands of scholarships to help students pay less.
Earnies are committed to helping students live their best lives, free from the stress of student debt.
If you’re as passionate as we are about our mission, read more below, and let’s build something great together!
**The Senior Cloud Security Engineer position will report to the Head of Security.**
**As the Senior Cloud Security Engineer, you will:**
+ Partner with Infrastructure Engineering to align security controls with architecture, participating in design reviews and threat modeling sessions.
+ Lead infrastructure-focused security initiatives that strengthen system resilience, like backup integrity and network access control.
+ Manage and tune web protection platforms including WAF, bot mitigation, and DDoS tools, collaborating with teams to harden externally exposed services and reduce false positives.
+ Operate and maintain cloud-native security tools including CSPM, XDR, DLP, and CASB to protect sensitive data, detect cloud threats, secure SaaS usage, and enforce secure cloud configurations.
+ Apply secure configuration baselines acrossAWS, Kubernetes, and containerized environments, integrating them into IaC workflows and CI/CD pipelines to support secure-by-default deployments.
+ Implement secure access technologies including VPNs, remote access, identity-aware proxies, and zero-trust networking solutions, tightly integrating IAM and monitoring across AWS and SaaS platforms.
+ Build and maintain infrastructure telemetry pipelines  that feed SIEM, and IDS platforms, correlating events with vulnerability scanning data and tuning detections in collaboration with Security Operations.
+ Automate control enforcement using policy-as-code and integrate cloud telemetry with GRC platforms to streamline compliance workflows and evidence collection.
**About You:**
+ 6+ years of experience in security engineering, infrastructure security, or cloud security roles.
+ 2+ years focused on AWS cloud environments, including security tooling and service hardening.
+ Hands-on experience with SIEM, CSPM, XDR/EDR, CASB, vulnerability scanners, WAF, and DNS filtering.
+ Strong scripting or programming experience (Python, Go, Shell, or equivalent).
+ Familiarity with IaC and cloud automation tools (e.g., Terraform, Ansible, CloudFormation).
**Even Better:**
+ Professional security certifications (e.g., AWS Security Specialty, GCLD, CCSP, CCSK).
+ Experience with container runtime security and Kubernetes RBAC controls.
+ Familiarity with immutable infrastructure concepts and backup resiliency practices.
+ Working knowledge of regulatory frameworks like SOC 2, FFIEC, GLBA, or NY DFS.
+ Experience supporting detection infrastructure and compliance automation.
**Where:**
+ This role will be based in the US.
#LI-NS1
A little about our pay philosophy: We take pride in compensating our employees fairly and equitably.
We are showcasing a range of your potential base salary based on the roles location.
The successful candidate’s starting pay will also be determined based on job-related qualifications, internal compensation, candidate location and budget.
This range may be modified in the future.
Pay Range
$158,000—$198,000 USD
**Earnest believes in enabling our employees to live their best lives.
We offer a variety of perks and competitive benefits, including:**
+ Health, Dental, & Vision benefits plus savings plans
+ Mac computers + work-from-home stipend to set up your home office
+ Monthly internet and phone reimbursement
+ Employee Stock Purchase Plan
+ Restricted Stock Units (RSUs)
+ 401(k) plan to help you save for retirement plus a company match
+ Robust tuition reimbursement program
+ $1,000 travel perk on each Earnie-versary to anywhere in the world
+ Competitive days of annual PTO
+ Competitive parental leave
**What Makes an Earnie:**
At Earnest, our people bring our cultural principles to life.
These principles define how we work, how we win, and what we expect of ourselves and each other:
+  **Every Second Counts** : Speed is our competitive advantage.
Our customers need better solutions, and the faster we execute, the greater our chance of success.
+  **Choose To Do Hard Things** : We win by tackling the hard things that others avoid, fueled by grit and resilience.
+  **Pursue Excellence** : Great companies, teams, and individuals never settle and are proud of the work that they do.
What’s good enough today won’t be good enough tomorrow.
Excellence isn’t a destination; it’s a mindset of continuous improvement.
+  **Lead Together** : Our success comes from how we work together.
Leadership is not about titles—it is about action.
We take ownership, drive results, and move forward as a team.
+  **Don’t Take Yourself Too Seriously** : We take our work seriously, not ourselves.
The stakes are high, but a sense of humor keeps us grounded, creative, and resilient.
**At Earnest, we are committed to building an environment where our employees feel included, valued, and heard.
Our belief is that a strong commitment to diversity, inclusion, equity, and belonging enables us to move forward with our mission.
We are dedicated to adding new perspectives to the team and encourage anyone to apply if your experience is close to what we are looking for.**
_Earnest provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, veteran status, disability or genetics.
Qualified applicants with criminal histories will be considered for the position in a manner consistent with the Fair Chance Ordinance._