
Principal, Cloud Security Engineer
Job Description
About Us
Mercedes-Benz USA is responsible for the sales, marketing and service of all Mercedes-Benz and Maybach products in the United States. In our people, you will find tremendous commitment to our corporate values. Our products and employees reflect this dedication. We are looking for diverse top-notch individuals to join the Mercedes-Benz Team and uphold these hallmarks.
Job Overview
We are seeking a highly skilled and proactive individual to design, implement, and maintain secure cloud infrastructure across multi-cloud environments (Azure, AWS, GCP). This role ensures alignment with enterprise security policies and regulatory requirements while safeguarding cloud assets, maintaining compliance, and supporting secure digital transformation initiatives.
The Principal, Cloud Security Engineer contributes to the development of the system design and application architecture and ensures that the security requirements of RISE (Regulations for Information Security) are fulfilled by the project, so that information security risks are mitigated.
This role will lead the team through establishing highly effective policies based on the RISE Cybersecurity Framework, establishing sustainable processes for assessing and tracking cybersecurity risk, performing security control testing, and delivering performance metrics and reporting for each program under its management scope.
Experience or familiarity with the use of AI-driven security technologies, including generative AI, AI/ML, and intelligent or autonomous agents, to support cloud security operations, threat detection, vulnerability management, risk management, and compliance activities, in accordance with enterprise AI governance and security standards, is preferred.
The candidate will possess a strong understanding of the RISE Cybersecurity Framework, as well as of performing risk assessments and technical control assessments.
Responsibilities
Cloud Security Operations & Governance
• Lead cloud security governance for all cloud-hosted applications and services, ensuring alignment with RISE security requirements and Mercedes-Benz cloud security standards.
• Conduct cloud application and architecture security reviews to ensure compliance with security policies, data protection requirements, and regulatory standards.
• Develop, manage, and enhance cloud security dashboards (e.g., workload protection, posture management, policy compliance, vulnerability trends).
• Oversee Cloud Security Posture Management (CSPM), ensuring continuous compliance monitoring, remediation tracking, and risk reporting.
• Ensure proper configuration, provisioning, and ongoing assessment of cloud environments across AWS, Azure, and other MB-approved cloud platforms.
• Support secure cloud migration initiatives by embedding security controls, encryption, identity practices, and workload protection early in the lifecycle.
• Coordinate cloud-related security incidents, investigations, and SOC escalations.
• Perform cloud vulnerability management activities including code scanning, FOSS, GitHub, and Qualys scans for cloud workloads.
• Support implementation of zero-trust principles in cloud networks, applications, and identity structures.
SDLC – Security Implementation on SDLC Gates
Secure Development Lifecycle Integration
• Embed cybersecurity requirements at all SDLC gates, ensuring security acceptance criteria are fulfilled before progressing to next stages.
• Collaborate with development and architecture teams to define security technical requirements and validate their implementation.
• Support security in DevOps/DevSecOps processes, including CI/CD pipeline checks, automated scanning, and secure coding practices.
• Perform technical control assessments throughout the SDLC, including code reviews, architecture reviews, and threat modeling.
• Ensure vulnerabilities identified through SAST, DAST, dependency checks, and container scans are properly triaged and remediated.
• Work with application teams to implement countermeasures and design secure solutions that meet business and compliance needs.
• Provide guidance and approval for security controls during design, testing, deployment, and production cutover.
• Ensure application teams follow regulatory, internal policy, and RISE-based software security controls.
Governance of Cybersecurity (Policies, Procedures, Compliance)
Information Security Governance
• Govern compliance with RISE (Regulations for Information Security), IT policies, standards, and procedures across the business unit.
• Develop and maintain documentation such as cybersecurity policies, standards, frameworks, guidelines, and awareness materials.
• Develop and govern AI cybersecurity and risk frameworks, ensuring secure, compliant, and responsible use of AI aligned with enterprise security and regulatory requirements.
• Manage Information Security Risk Management (ISRM) processes, including risk identification, assessment, mitigation tracking, and reporting.
• Support business-specific risk management in cybersecurity and report regularly to ISO Coordinator and senior IT leadership.
• Ensure execution of security spot checks, audits, and cybersecurity assessments across applications and infrastructure.
• Support internal and external audits, ensuring evidence readiness, control testing, and remediation oversight.
• Lead Cybersecurity KPI definition, tracking, reporting, and continuous improvement efforts.
• Govern Identity & Access Management (IAM) controls, User Access Management (UAM), and information classification adherence.
• Oversee the security governance of Shadow IT applications, ensuring visibility, risk mitigation, and compliance measures.
• Support global and regional cybersecurity awareness campaigns and deliver local awareness initiatives.
• Ensure continuous improvement of ISRM and support the Business Continuity Program (BCP).
Cloud Vendor Management
Vendor & Third-Party Cyber Risk Oversight
• Manage cloud service provider (CSP) security evaluations, ensuring compliance with MB security frameworks and contractual obligations.
• Oversee third-party cybersecurity risk management processes for cloud vendors, including due diligence, risk scoring, and mitigation tracking.
• Ensure cloud vendors adhere to RISE controls, data protection regulations, and global cloud governance standards.
• Coordinate assessments, security reviews, and audits of cloud vendors and managed service providers.
• Track SLAs, security obligations, vulnerabilities, incident response readiness, and compliance deliverables from cloud vendors.
• Collaborate closely with GCS, Central ISOC, and MBAG teams on global cloud security governance, tool harmonization, and reporting.
• Review vendor architecture and service changes to ensure they do not introduce new risks or non-compliance.
• Provide regular reporting on vendor risks, cloud security posture, and compliance dashboards to leadership.
This position reports to the Mercedes-Benz NAFTA Information Security Officer and works closely with the Director Cybersecurity & Cross Functions and the Global Chief Information Security Officer (CISO).
Qualifications
Education:
Bachelor's/Master's degree (accredited school) or equivalent with emphasis in:
Cyber Security / Computer / Information Science
Information Technology
Knowledge, Skills & Abilities:
Minimum of 10 years of relevant work experience in IT
Experience in many of the following areas:
Knowledge in IT security, with a focus on cloud environments
Hands-on experience with security tools and cloud-native services across Azure, AWS, and GCP
Knowledge of IT guidelines and corporate IT policies, IT standards, knowledge of IT organization (e.g., for escalation paths for non-standard requests)
Overview of current threats, risks, information security techniques, and controls to mitigate them.
Experience in application software planning, development, and integration into proposed business solutions
Experience implementing comprehensive application testing methodology.
Experience identifying, evaluating and managing risk in a complex and changing environment.
Experience in developing and implementing countermeasures to identify application security risks.
Working knowledge of NIST, Open Web Application Security Project (OWASP) and Open-Source Security Testing Methodology Manual (OSSTMM)
Experience interacting with development teams to articulate security requirements and processes while collaborating on architecture and engineering design options, implementation, testing and user acceptance.
Highly proficient in the configuration and deployment of applications in complex environments
Experience in working with software developers throughout the software development life cycle (SDLC)
Experience supporting security in DevOps processes.
Hands-on development experience and working knowledge of web application languages and frameworks.
Experience discerning an organization's security controls for application software based on vulnerabilities and business needs.
Strong proficiency with common management frameworks, regulatory requirements, and industry-leading practices
Certifications:
• Professional certifications such as CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional).
• Cloud platform certifications (AWS, Microsoft Azure, and/or Google Cloud)
• The ideal candidate must pursue current and future Mercedes-Benz-mandated certifications.
Additional Information
• No Sponsorship/Visa Transfer Available
• Must be able to work flexible hours/work schedule.
• Travel: domestic and international.
• Work holidays and weekends when required.
EEO Statement
Mercedes-Benz USA is committed to fostering an inclusive environment that appreciates and leverages the diversity of our team. We provide equal employment opportunity (EEO) to all qualified applicants and employees without regard to race, color, ethnicity, gender, age, national origin, religion, marital status, veteran status, physical or other disability, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local law.