What are we building?
Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team that resonates passion for learning, operating, and building new products and technologies for millions of consumers. We care about each customer’s interaction, experience, behavior, and insight and strive to ensure we’re always acting authentically.
Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, Hard Rock Digital taps a brand known the world over as the leader in gaming, entertainment, and hospitality. We’re taking that foundation of success and bringing it to the digital space - ready to join us?
What's the Position?
We're looking for a Principal Cloud & Network Security Engineer to own security across our cloud footprint and all the way out to the edge that fronts millions of players. This spans a genuinely multi-cloud estate — AWS, Azure, and GCP — plus the Cloudflare edge that sits in front of it all.
This role reports directly to our VP Security / CISO — cloud, network, and edge security is a first-class pillar of the security program, not a sub-team. And you won't do it alone: you'll join a 16-person security organization, including a dedicated Security Architecture & Engineering team and a 24/7 SecOps function, as the senior technical owner for this domain.
This is a high-impact, high-autonomy role for someone who is equally comfortable reasoning about a VPC design, writing a Terraform guardrail, and tuning a WAF rule that protects live betting traffic on the biggest game night of the year.
What You'll Do
Cloud Security Posture
Own cloud security posture and runtime protection across AWS, Azure, and GCP using Wiz and modern runtime protection tooling — from finding misconfigurations to driving them to closure and catching threats at runtime. You own infrastructure-layer and configuration risk end to end, partnering with our Principal Product Security Engineer, who owns the application and dependency vulnerability lifecycle.
Define and maintain secure configuration baselines and guardrails so new cloud resources are safe by default
Partner with SecOps to feed high-quality cloud signals into our detection and response pipeline
Network Security & Microsegmentation
Design and implement network segmentation and east-west controls that limit blast radius across our environments
Advance Zero Trust network access using Cloudflare Access, private connectivity, and service-to-service authentication (including mTLS where it fits) — partnering with our Principal Identity Engineer on the identity signals those policies consume
Align our network posture to NIST SP 800-207 and the CISA Zero Trust Maturity Model (Networks pillar)
Edge Security
Own the security configuration of our Cloudflare edge — WAF, Bot Management, and DDoS protections — plus our broader Cloudflare Zero Trust deployment, protecting Hard Rock Bet, our customer-facing sportsbook and casino
Tune protections to stop abuse and attacks without blocking real players
Infrastructure-as-Code & Platform Security
Build policy-as-code and Terraform guardrails, and embed infrastructure-as-code security scanning (Wiz Code) into CI/CD pipelines — you own the infrastructure-scanning side of the pipeline; our Principal Product Security Engineer owns application and dependency scanning
Partner closely with platform and infrastructure teams to make secure infrastructure the default path, not an afterthought
Automate the boring parts so security scales with a fast-moving engineering org
Technical Leadership
Act as the design authority for cloud, network, and edge security — setting standards, mentoring security and platform engineers, and driving alignment across teams you don't manage
What are we looking for?
10+ years in cloud, network, or infrastructure security engineering — or equivalent practical experience
Deep, hands-on expertise in at least one major cloud (AWS strongly preferred), with working knowledge of a second
Experience with cloud security posture and runtime protection tooling (Wiz or equivalent CNAPP/runtime tooling) at scale
Strong network security fundamentals: segmentation, firewalls, ZTNA, and secure connectivity patterns
Hands-on experience with edge/WAF/CDN protection (Cloudflare a strong plus)
Infrastructure-as-Code proficiency (Terraform), a policy-as-code mindset, and scripting/automation skills (Python, Bash, or Go) — comfortable working in CI/CD pipelines
A track record of leading through influence — you set technical direction across teams you don't manage, and you can explain a network path to an engineer and a risk to an executive
Fluency with AI — you lead with it, reaching for AI tools daily to work faster and sharper; hands-on experience applying AI to security or engineering work is a must
You don't need to tick every box. If you're deep in two of the three domains — cloud, network, edge — and curious about the third, we want to hear from you.
Bonus Points
Experience in a regulated industry (gaming, financial services, healthcare) — especially PCI DSS network segmentation and scoping, or GLI-19/GLI-33 requirements
Deep Cloudflare experience across WAF, Bot Management, Access, and the Zero Trust suite
Experience securing containers and orchestration — Kubernetes network policy, service mesh, or workload identity
Relevant certifications (e.g., AWS Security Specialty, CCSP, GIAC cloud/network security)
Experience deploying DNSSEC (or DNS-layer security controls) across a production, multi-zone estate
Who You Are
Fiercely focused — you cut through noise, pick the risks that actually matter, and finish strong
Deeply curious — you dig into how attackers move through cloud and network, test your own assumptions, and shut those paths down
Customer obsessed — you tune protections so millions of players never notice security; they just feel safe
A builder who prefers guardrails over gates — you make the secure path the easy path
Meticulous about reducing blast radius and eliminating standing risk
You prioritize well amid competing demands and bring others along — engineers trust you because you make their path easier, not harder
Why This Role Is Different
Security for cloud, network, and edge usually gets scattered — split across platform teams, bolted on late, or filed as findings someone else may never fix. Here it's one security mandate, reporting directly to our VP Security / CISO. Our cloud/DevOps and network engineering teams build and run the platform; you're the security authority working beside them — setting the guardrails and secure-by-default patterns across three clouds and the edge that fronts millions of players, with the autonomy and air cover to shape the foundations every Hard Rock Digital product runs on. When the biggest game of the year sends traffic vertical, your guardrails are what keep the show running.
This is one of three Principal openings reporting to our VP Security / CISO: Identity (who and what gets access), Cloud & Network Security (where workloads run and how traffic moves), and Product Security (the code and its vulnerabilities). Apply to the one that sounds like your Tuesday.
What’s in it for you?
We offer our employees more than just competitive compensation. Our team benefits include:
Competitive pay and benefits
Flexible vacation allowance
A hybrid / remote working environment
Startup culture backed by a secure, global brand
Roster of Uniques
We care deeply about every interaction our customers have with us, and trust and empower our staff to own and drive their experience. Our vision for our business and customers is built on fostering a diverse and inclusive work environment where regardless of background or beliefs you feel able to be authentic and bring all your talent into play. We want to celebrate you being you (we are an equal opportunity employer