Cloud Security Engineer
Meet Our Team:
This team is part of Pega’s Cloud Cybersecurity organization within the Cloud Cybersecurity Operations tribe. We help build and operate the security controls, automation, and response capabilities that protect Pega's cloud environments, including FedRAMP-regulated government infrastructure, commercial AWS, and multi-cloud platforms. We work across IAM, vulnerability management, compliance automation, SOAR response actions, and AI-driven security tooling. Engineers on this team own their domains end-to-end: design, build, operate, and iterate.
Due to the nature of the role's work with FedRamp, US Citizenship is required
Picture Yourself at Pega:
You'll be a part owner of Pega's FedRamp/cloud environment, responsible for both day-to-day operational security and sprint-based feature delivery. You'll work alongside peers delivering AI-driven remediation pipelines, identity automation, and cloud security tooling, and are expected to contribute to that innovation work alongside your responsibilities.
This is an engineering role. You write code, build automation, operate regulated infrastructure, and ship features, not just process tickets.
What You'll Do at Pega:
Access Governance & Identity Operations (30%)
- Own Okta administration for PCFG and Commercial environments: MFA resets, account provisioning, Okta Verify troubleshooting, policy enforcement
- Manage IAM roles, permission boundaries, deployment entitlements, and access reviews across PCFG accounts (CloudOps, Jenkins, deployment pipelines)
- Build and maintain entitlement automation workflows for joiner/mover/leaver processes
- Support SailPoint quarterly certifications and access request workflows; contribute to AI-assisted certification automation
Vulnerability Scanning & Remediation (25%)
- Operate Nessus/Tenable and Netsparker scanning across PCFG RnD and PCFG Prod
- Respond to audit scan requests (UKCE, SOC, FedRAMP assessors) with findings and evidence
- Track and ensure zero high-severity findings outstanding beyond 30 days
Compliance Patching & BAU (25%)
- Execute FedRAMP Control Plane patching cycle every sprint — mandatory compliance obligation, non-negotiable
- Execute PCFG RnD OS automated patching and validate Commercial environment patches (SailPoint, PingCastle)
- Maintain patch compliance metrics; escalate blockers before sprint close
- Contribute to SSM Patch Manager automation to reduce manual patching overhead over time
Cloud Infrastructure & Automation Engineering (20%)
- Build infrastructure automation: Control Tower account provisioning, PCFG account lifecycle, CloudFormation role deployment
- Develop SSM Patch Manager alerting and role infrastructure
- Respond to ad-hoc infrastructure requests: IAM policy changes, Global Accelerator, Lambda roles, Bedrock model enablement
- Contribute to team-wide AI-driven remediation features — SOAR response actions, AWS Config automation, and AI intake tooling
What You've Accomplished:
- 3+ years in cloud security engineering or a closely adjacent role; hands-on with AWS (IAM, CloudFormation, SSM, Inspector, Config, GuardDuty)
- Experience operating in a FedRAMP or similarly regulated environment, you understand what compliance-driven delivery looks like
- Proficient with identity platforms: Okta administration, SailPoint or equivalent IGA tooling
- Comfortable writing automation: Python, shell, CloudFormation/Terraform, you don't wait for someone else to build the script
- Familiar with vulnerability scanning tools (Nessus/Tenable, Netsparker, or AWS Inspector)
- You operate well in a team that splits time between BAU obligations and feature delivery, context-switching is part of the job
- Exposure to SOAR platforms (Chronicle SecOps, Siemplify, or similar) is a plus
- Experience with GitHub-based CI/CD pipelines,you're comfortable with PR-gated workflows, GitHub Actions, and treating infrastructure and security content as code that gets reviewed before it ships
- You use AI tools (Copilot, ChatGPT, or similar) as part of how you build, scaffolding automation, generating test cases, accelerating repetitive engineering work and you know how to validate what comes out
Pega Offers You:
- Gartner Analyst acclaimed technology leadership across our categories of products
- Continuous learning and development opportunities
- An innovative, inclusive, agile, flexible, and fun work environment
- Competitive global benefits program inclusive of pay + bonus incentive, employee equity in the company (#LI-KH2)
Additional Information
Base salary range for this role is 86,700 - 129,600 USD annually. This role may also be eligible for annual bonus OR commission, as well as benefits and other incentives.
The final compensation will be determined during the offer process based on the candidate's education, experience, skills, and qualifications, as well as market conditions and may vary from the posted range. We will share an information on benefits, bonus/commission, and other pay components for this role at the relevant recruitment stage.
AI in Action – Responsible Use of AI in Recruitment
Pega embraces the responsible use of artificial intelligence (AI) to improve efficiency, consistency, and fairness across our business. We encourage thoughtful and ethical adoption of AI technologies that support people—not replace them. We may use AI‑enabled tools in our recruitment process. These tools are designed to assist us by providing insights and operational support.
All hiring decisions are made based on human review and judgment. You may have the right to request human review, provide additional information, or raise questions about how such tools are used.
Culture
At Pegasystems, we foster an environment where people feel valued and empowered to contribute their best. With global clients across industries and regions, we know our success depends on the unique perspectives, experiences, and talents of our people. Ours is a workplace where everyone can grow, collaborate, and deliver meaningful outcomes.
We encourage candidates from all backgrounds and experiences and focus on the core competencies and mindset needed to thrive in a role.
As an Equal Opportunity employer, Pegasystems will not discriminate in its employment practices due to an applicant's race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, veteran or disability status, or any other category protected by law.
Export Compliance
For positions requiring access to technical data subject to export control regulations such as this, Pegasystems may need to obtain export license approval from the U.S. Government and EU Authorities for certain individuals.
Accommodations
If you require reasonable accommodations under the Americans with Disabilities Act (US only) or comparable regional regulations in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please contact us here or contact (US only) 1-888-PEGA-NOW and/or 225 Wyman Street Waltham, MA 02451 ATTN: Benefits.
Labor Condition Applications
GDPR Candidate Privacy Notice
Pegasystems Limited UK Gender Pay Gap Statement
EEO/AA Policy Statement
Your Employee Rights Under the Family and Medical Leave Act
E-Verify Notice
Employee Polygraph Protection Act Rights