Cloud Security Engineer

While studying for my AWS Certified Cloud Practitioner, the role of a Cloud Security Engineer caught my attention. As I researched further, I realized that this is one of the fastest-growing and high-paying careers in today’s tech industry.

As I continued exploring this role, I discovered that Cloud Security Engineering is a subdomain of Cybersecurity, focusing specifically on securing cloud environments. Given the rapid adoption of cloud services, businesses are prioritizing cloud security to protect their infrastructure, applications, and data from evolving threats.

In this discussion, let's dive deep into what it takes to become a Cloud Security Engineer, the essential skills, certifications, and hands-on experience needed to excel in this career.

What is Cloud Security?

How to become one?

Before we start talking about the role. Let's talk about first what is Cloud Security. Cloud Security is the practice of protecting cloud-based assets like data, applications, and systems. From past years to the present and undoubtedly in the future, businesses continue to scale into the cloud due to its cost-effectiveness, scalability, and high availability. This shift enables seamless expansion and operational efficiency, making cloud adoption a strategic advantage for growth-oriented companies. With this growing demand, threats are also evolving, and threat actors are becoming increasingly sophisticated. This makes it crucial to have professionals, such as Cloud Security Engineers, who specialize in securing cloud-based assets and protecting businesses from ever-changing cyber risks.

Cloud Security mainly covers the following:

• Encryption - Make sure that Data-at-rest and Data-in-transit are encrypted. Specially those PII data which is highly sensitive.

• IAM (Identity & Access Management) - Ensure that permissions are granted strictly based on an individual's role, following the principle of least privilege.

• Network Security - Security hardening of Firewalls. This is to make sure that we mitigate or prevent external threats.

• Compliance and Governance - Make sure we comply with regulatory requirements like HPAA, GDPR, PCI-DSS, etc. and follow best practice to maintain security standards.

• Incident Response - This is an approach of "How do we respond to an incident". Use of Incident Response Framework like Preparation, Identification, Containment, Eradication, and Lessons Learned (PICERL)

What is Cloud Security Engineer?

A Cloud Security Engineer is a specialized professional responsible for ensuring that cloud security technologies are properly implemented and functioning effectively. This role often involves collaborating with other experts, such as Cloud Engineers, to design secure cloud infrastructures and DevOps Engineers, to safeguard CI/CD pipelines.

In smaller organizations, a Cloud Engineer may also take on cloud security responsibilities, managing both infrastructure and security aspects. However, in larger companies, these roles are typically distinct:

• Cloud Security Engineers focus specifically on security, risk management, and compliance within cloud environments.

• Cloud Engineers handle infrastructure deployment and management.

This separation allows enterprises to dedicate specialized resources to different areas of cloud security and management, ensuring a more robust and scalable cloud environment.

Key Responsibilities of a Cloud Security Engineer

• IAM (Identity and Access Management) Configuration – Ensuring proper access controls and identity policies.

• WAF (Web Application Firewall) Configuration – Protecting cloud-hosted applications from common web threats.

• Creating Security Groups – Defining and managing firewall rules within the cloud.

• Data Protection – Implementing encryption, backup strategies, and secure storage practices.

• Compliance and Regulatory Adherence – Ensuring alignment with industry standards (e.g., GDPR, HIPAA, ISO 27001).

• Incident Response & Remediation – Detecting and mitigating security breaches.

• Monitoring and Threat Detection – Utilizing SIEM tools, anomaly detection, and continuous security monitoring to prevent attacks.

A Cloud Security Engineer plays a crucial role in protecting cloud environments from evolving cyber threats, ensuring businesses can operate securely in the cloud.

Cloud Security Engineer is one of the most highly paid job roles in the tech industry. Due to the high demand for this role, you need to develop specific skills to qualify.

I'm not an expert, but after researching this field by watching videos and reading blogs, I've compiled a list of essential skills for becoming a Cloud Security Engineer, especially if you're starting from scratch.

1. IT Fundamentals

If you're new to tech, you must first learn IT fundamentals. This includes understanding how computers work, their components, and the functions of each part. You should also gain knowledge about drivers, software, and operating systems.

Fortunately, many free resources are available online. For example, Professor Messer's YouTube channel offers a CompTIA A+ course, which is an excellent starting point for IT fundamentals.

2. Networking

Networking is one of the most crucial skills on this list because it serves as the backbone of the internet. To work in cloud security (or even cloud engineering), you need to understand networking fundamentals such as:

• IP addressing and how it works

• Subnetting

• TCP/IP protocol

• Common ports

• TCP vs. UDP

Since Virtual Private Cloud (VPC) is one of the core services in cloud computing, networking knowledge is essential. You can gain this knowledge by pursuing certifications like:

• CCNA (Cisco Certified Network Associate)

• CompTIA Network+

For free learning resources, YouTube channels such as David Bombal, Jeremy's IT Lab (for CCNA), and Professor Messer (for Network+) are excellent options.

If you're Filipino and prefer structured learning for CCNA, I highly recommend TechAcademy by Billy Ramirez, which I personally found helpful in strengthening my networking fundamentals.

3. Cybersecurity Fundamentals

After mastering IT fundamentals and networking, the next step is to learn cybersecurity basics. Key concepts include:

• CIA Triad (Confidentiality, Integrity, Availability)

• Encryption

• Firewalls

• Governance and Compliance

• Common threats and vulnerabilities

You can gain this knowledge by obtaining certifications such as:

• Google Cybersecurity Certificate (via Coursera)

• CompTIA Security+

Again, Professor Messer’s YouTube channel is a great free resource for Security+, and if you want structured learning, TechAcademy by Billy Ramirez is highly recommended. I used it as my main resource to pass the Security+ exam.

4. Cloud Computing

Once you have a solid foundation in IT, networking, and security, it's time to dive into cloud computing. You should choose one cloud provider to specialize in before branching out. The top three cloud platforms are:

• Amazon Web Services (AWS) – Dominates the cloud market with its compute services.

• Microsoft Azure – Well-known for its integration with Microsoft Office and enterprise solutions.

• Google Cloud Platform (GCP) – Gaining traction in AI and data-related services.
  

But in this blog we'll gonna talk about AWS and Azure

Since cloud technologies have similar concepts but different terminologies, it's best to deep dive into one platform first before learning others.

Although I’m not a fan of multiple-choice certifications (even though I have some), they do help in understanding cloud technologies. Each cloud vendor has a different certification path for Cloud Security Engineers, but here’s my recommended approach:

If I choose AWS:

1. AWS Certified Cloud Practitioner

2. AWS Solutions Architect Associate (aim to get at least this certification)

3. Create a cloud security project and blog about it on Medium or GitHub, or build a portfolio website

If I choose Microsoft Azure:

1. Microsoft Azure Fundamentals

2. Microsoft Azure Administrator (aim to get at least this certification)

3. Create a cloud security project and document it on Medium, GitHub, or a portfolio website

Once I have these credentials, I will start applying for entry-level jobs. At this stage, it doesn’t matter if the role focuses more on cloud engineering or security. The goal is to land an entry-level job.

To advance in my career, I will then pursue:

• AWS SysOps Administrator → AWS Security Specialty (for AWS)

• Microsoft Security Engineer (for Azure)

Some may ask, "Why not go straight to security-focused certifications like AWS Security Specialty or Microsoft Security Engineer?" My answer: You need to understand infrastructure before securing it. Security is about protecting assets, and you can’t secure something you don’t fully understand—hence, learning the fundamentals first is crucial.

5. Scripting

Scripting is also a vital skill for Cloud Security Engineers. Most cloud platforms now rely on Infrastructure as Code (IaC) to build and automate infrastructure. Learning Python is a great starting point.

You don’t need to become a full-fledged programmer; just knowing how to read and write basic scripts will significantly help in automating security tasks and improving efficiency in cloud environments.

5. SOC Knowledge

As you progress through the areas mentioned above, you must deepen your knowledge in Security Operations—including threat hunting, incident response, and intrusion analysis.

As a Cloud Security Engineer, especially in senior roles, you will be responsible for performing these tasks within cloud infrastructure. Having hands-on skills is crucial to effectively handle security incidents, detect threats, and analyze intrusions in cloud environments.

Fortunately, many platforms offer hands-on practice to help improve these skills. Some of my personal go-to resources for enhancing Security Operations Center (SOC) skills include:

• TryHackMe

• HackTheBox

• LetsDefend

• CyberDefenders

• And many more.

These platforms provide practical, real-world scenarios that allow you to develop and refine your skills in security monitoring, digital forensics, and cloud-based incident response.

Why Did I Write This Blog Even if I'm not an expert about this field?

I wrote this blog because my long-term goal is to become a Cloud Security Engineer, and I see this career as a journey, not a destination. Currently, I’m focused on learning cloud technologies while deepening my understanding of Security Operations Centers (SOC). Since mastering one skill at a time is essential, my priority right now is SOC. Instead of diving straight into cloud security, I believe in building a strong foundation first, breaking into the security industry and gaining hands-on experience before specializing further.

This blog serves as my personal roadmap, providing a clear and structured approach to achieving my goal. While my approach starts with the SOC Analyst path, this isn’t a detour but rather a stepping stone, as the knowledge I gain will still apply when I transition into Cloud Security Engineering. By taking it one step at a time, I’m confident that I will reach my goal, and I hope this blog helps others on a similar journey.

Becoming a Cloud Security Engineer requires dedication and continuous learning. Start with the fundamentals, build hands-on experience, and work toward certifications to validate your skills. Most importantly, apply your knowledge through projects and share your learning journey online, this will make you stand out when applying for jobs.