This position is a temporary assignment. As a contractor, you’ll be employed by Magnit, not The Cigna Group or any subsidiaries of The Cigna Group.

Alternate Title: 

Sr. Cloud Security Engineer

Location/Schedule:

Bloomfield, CT onsite minimum of 3 days per week, 9:00 AM - 5:30 PM M-F with occasional off-hours

Role Summary:

This role is a hands-on cloud and application security engineering position focused on modernizing and operating AWS WAF, API security, and application security posture at scale. The work emphasizes automation, policy-as-code, AI assisted analysis, and operational execution, with minimal emphasis on leadership or executive engagement. The contractor will design, build, tune, and operate AWS WAF and API security capabilities, migrate WAF policy management to GitHub based CI/CD, enhance visibility through AWS Security Lake, and automate remediation workflows to reduce manual effort and improve detection fidelity.

Primary Responsibilities:

• Implement, operate, and tune AWS WAF, Firewall Manager, Shield Advanced, and related AWS security services.
• Migrate and maintain AWS WAF policies as code using GitHub SaaS, including CI/CD workflows, versioning, testing, and rollback.
• Build automation (Terraform, Python) to deploy, manage, and validate WAF and application security controls at scale.
• Integrate WAF, API, and application security telemetry into AWS Security Lake to support detection, investigation, and analytics.
• Apply AI assisted techniques to:
  • Reduce WAF false positives
  • Improve rule tuning and coverage
  • Accelerate threat detection and log analysis
  • Develop automation and scripts to produce actionable outputs from the API Ownership Framework, improving visibility and accountability.
  • Evaluate and enhance application security posture management (ASPM) and API ownership across cloudnative applications.
  • Define and implement No name remediation requirements, ensuring API posture findings are prioritized, actionable, and consumable by engineering teams.
  • Support day to day operations of cloud and application security tooling, including troubleshooting, optimization, and routine automation.
• Partner directly with application and platform engineers to integrate WAF, API, and application security controls into CI/CD pipelines.

Required Skills & Experience:

• Strong hands-on experience with AWS WAF operations and tuning
• Practical experience with policy-as-code and GitHub based CI/CD pipelines
• Experience integrating security logs and findings into AWS Security Lake or similar platforms
• Hands-on experience with API security platforms (e.g., Noname or equivalent)
• Strong automation skills using Terraform and Python
• Experience with application security posture management and cloudnative architectures (containers, serverless, microservices)
• Ability to translate security findings into clear, actionable remediation guidance

Experience & Education:

• Bachelor’s degree in Computer Science or related field (or equivalent experience) is preferred but not requred
• 8+ years of hands-on security engineering experience, primarily in cloud, application, or API security · AWS Security Specialty, GIAC Cloud Security Automation (GCSA) and/or CCSP preferred

Hourly Pay Rate Range (dependent on location, experience, expectation)  

The pay range that Magnit reasonably expects to pay for this position is: $65.00/hour-$70.00/hour  

Benefits: Medical, Dental, Vision, 401K (provided minimum eligibility hours are met) 

We are unable to provide visa sponsorship or STEM OPT training

Tundra Technical Solutions (the operator of this Talent Community) is a global leader of contingent talent services. Our success and our clients’ success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Unincorporated LA County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: client provided property, including hardware (both of which may include data) entrusted to you from theft, loss or damage; return all portable client computer hardware in your possession (including the data contained therein) upon completion of the assignment, and; maintain the confidentiality of client proprietary, confidential, or non-public information. In addition, job duties require access to secure and protected client information technology systems and related data security obligations. 

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.