Cloud Security Engineer Dallas or Detroit metro

Cloud Security Engineer

The Cloud Security Engineer plays a vital role in supporting Comerica's cloud security posture by assisting in the monitoring, analysis and protection of cloud-based infrastructure and services. This role will involve working with cloud security tools, including AWS GuardDuty, CloudTrail, CloudWatch, CNAPP.

This role will also develop and implement security processes and solutions that protect our cloud environments. The incumbent will be responsible for the ongoing assessment and compliance with required security guidelines across our enterprise computing landscape, ensuring robust security measures are in place.

Position Responsibilities:

Cloud Security Monitoring

• Perform Cloud focused investigations by analyzing logs and services relevant to the underlying cloud service provider.
• Design, implement and support secure cloud architecture across various platforms (e.g. AWS, Azure, Google Cloud Platform).
• Support cloud scanning and monitoring coverage evaluation on AWS, Azure & Google Cloud Platform.
• Process SIEM tools enhancement requests, support design, build, test and deploy.
• Support development, documentation, and maintenance of operationally effective playbooks to deal with Cloud-based incidents.
• Clearly and concisely articulate any recommendations that arise from investigative activities and converse confidently with both technical and non-technical stakeholders as needed.
• Assess and recommend cloud security best practices, tools, and technologies.
• Propose changes to the technical design solutions as applicable.
• Maintain detailed documentation for procedures and incidents.
• Prepare and present regular security reports and dashboards to management.

Security Automation & Tools Implementation

• Develop and integrate automated security solutions to ensure sufficient coverage, improve operational efficiency and reduce manual intervention.
• Develop and maintain automated security processes and scripts to streamline cloud security operations.
• Work closely with other functional infrastructure areas/departments on multiple initiatives to meet organizational/business goals & objectives.
• Participate in planning guidance on short term & long-term planning to meet ongoing business & operational needs.
• Participate in and contribute to project teams on architectural, design development, integration opportunities, planning of complex systems & assures it is aligned to our established strategies, guiding principles, rationales & practices.

Risk Management -- Compliance and Regulatory Adherence

• Ensure the cloud infrastructure complies with industry regulations (e.g. SOX, SOC 2, PCI-DSS, FFIEC, GLBA).
• Participate in audits and assessments related to cloud security and compliance.
• Participate in audits and assessments to ensure that cloud environments meet security standards and regulatory compliance requirements.
• Participate in testing and analysis of procedures and systems to prepare for emergencies.
• Actively participate in threat modelling of new services/capabilities, readiness exercises such as purple team, and tabletops.
• Security assessment with AWS, Microsoft and other 3rd party vendors as needed.
• Support the process to assess and create monitoring rules within the CNAPP tool that follow existing integrated procedures and provide updates on a recurring basis.
• Provide evidence of controls that the policy gaps are now being monitored.

Administration and Communication

• Security tools administration. Configure and manage cloud native tools like AWS GuardDuty, AWS Security Hub.
• Metrics and KPI tracking and reporting on cloud security performance, such as incident response times, policy compliance.
• Maintain detailed security documentation and reports for internal and external stakeholders, including audit reports, formulating procedures.
• Collaborate closely with cloud engineering teams to integrate security controls into the cloud infrastructure and development pipelines.
• Develop designs for projects that have low to medium complexity.
• Other duties as assigned.