Senior Cloud Security Engineer

Overview

Remote
$120,000 - $140,000
Full Time
No Travel Required

Skills

Amazon Web Services
Azure
Cloud infrastructure
Computer Science
DNS
DevOps
Direct Connect
ExpressRoute
Firewall
GLBA
ISO 27002
Information Systems
Kubernetes
Linux
OAuth
RBAC
TCP / IP
Threat modeling
Web Services
application security
authentication
change management
collaborate
continuous
firewalls
malware analysis
network
network concepts
network traffic
public cloud
requirements
security compliance
service - oriented architecture
software
software development life cycle
web applications

Job Details

Job Title:  Senior Cloud Security Engineer

Location:  Remote

 

We are looking for a highly motivated Cloud Security Engineer to join our Engineering Security function reporting to the Director of Engineering Security and Compliance.  We are seeking a passionate individual who is excited about protecting cutting-edge web applications built on public cloud such as AWS and Azure.

The ideal candidate should possess strong cloud security skills, hybrid/multi-cloud network concepts, a deep understanding of secure software development life cycle methodologies, and a keen eye for detail. As a Cloud Security Engineer, you will be an essential part of the Engineering Security team, focused on ensuring the security of of web applications and cloud infrastructure through the continual improvement of security tooling, automation, and engagement with internal stakeholders.

Outcomes and Activities:

  • Design and Implement cloud security architecture using zero-trust principles.
  • Automate security controls, data, and processes to provide better metrics and operational support using security-as-code.
  • Configure network security including in a hybrid context with traditional network centric controls
  • Design and Implement host-based security monitoring (E.g. AWS Inspector), network security tooling, or other infrastructure related security projects.
  • Assess and support application migration efforts including but not limited to network connectivity architecture.
  • Conduct Threat modeling to support business requirements.
  • Define and implement IaC validation to prevent insecure configuration from being deployed.
  • Configure access within the cloud environment using the defense-in-depth principle.
  • Assess cloud systems and infrastructure to identify potential weaknesses or problems and upgrade software, VMs, containers to ensure optimal performance of cloud environment and security tools,
  • Develop automated security compliance, remediate misconfigurations, vulnerabilities in the code/configurations.
  • Lead cloud security issue remediation, troubleshooting and continuous improvement efforts including collaborating with stakeholders to improve overall application security posture.
  • Support Cloud Security Maturity Assessment processes with automated security reviews.
  • Implement and configure security controls and policies, manage access to data, and monitor threats to ensure that apps, containers, infrastructure, and networks are protected.
  • Take ownership of new initiatives, work with internal security teams, ESS, engineering, and product functions to deliver actionable intelligence or solutions that will lower risk.
  • Support our DevOps and infrastructure engineers to implement security best-practices and enable secure development and release processes.

The following items detail how you will be successful in this role.

  • Impact Analysis: Understand the rationale behind and how changes impact the enterprise and/or applications and across the technical ecosystem.
  • Solution Design: Ability to translate high level requirements to create and implement designs that meet the needs of the customer, are technically sound, maintainable and cost effective.
  • Technical Domain: Have an understanding of the technical domain, including the application architecture, secure design and data of the application they support and systems to which it interfaces.
  • Testing Techniques: Understand the range of testing techniques available well enough to select the most effective test procedures.

Requirements:

  • Bachelor’s degree in Computer Science, Information Systems, or closely related field of study or equivalent experience
  • 6+ years of experience in the Information Security field
  • 4 years of experience deploying services on public cloud infrastructure such as Amazon Web Services (AWS) or MS Azure
  • Experience architecting solutions within Amazon Web Services (AWS) or MS Azure
  • Experience performing design reviews to assess security implications and requirements for introduction of new technologies.
  • Experience deploying and customizing security tools to address threats and lower risk: vulnerability scanners, static analyzers, web application firewalls, IDS/IPS, malware analysis, network traffic flow and packet analysis, cloud security posture management (CSPM), etc.
  • Knowledge of networking and web protocols (TCP/IP, HTTP, TLS, REST), and the ability to analyze traffic to find anomalies.
  • Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
  • Must have hands-on experience with AWS and Linux in a production environment.
  • Experience of Hybrid/Multi-cloud network design and configuration (example: AWS Direct Connect)
  • Knowledge of Federated Identity, RBAC, authentication & authorization solutions, etc.
  • Working knowledge of secure-cloud configuration, (e.g., CloudTrail, AWS Config), cloud-security technologies (e.g., VPC, Security Groups) and Cloud infrastructure entitlement management (CIEM).
  • Familiarity with industry compliances such as SOX, GLBA, ISO 27002, or PCI-DSS
  • Working knowledge of CIS, CSA and NIST best practices.
  • Demonstrated ability to collaborate with other teams to achieve complex objectives.

Preferred:

  • AWS Certified Solutions Architect – Associate or Professional certification
  • Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc).
  • Strong Experience on networking tasks, e.g., IP subnetting, Network Security Groups, routing, Firewall, Direct Connect, ExpressRoute, load balancer, proxy, DNS etc.
  • Experience with service-oriented architecture for cloud-based services.
  • Experience using CI/CD pipelines to perform automated security testing and change management.
  • Expert in VMs, Container, Container Registry, Docker, Kubernetes security design and implementation etc.
  • Deep understanding of Cloud-Native Application Protection Platform (CNAPP

 

 

Vital Tech Solutions is an Equal Opportunity Affirmative Action employer. We prohibit discrimination in decisions concerning recruitment, hiring, compensation, benefits promotions, training, termination or any other condition of employment or career development.   All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, veteran status, disability status or any other legally protected status.