Cloud Security Engineer

Access control, Amazon Web Services, Architecture, Automation, Cloud security, Continuous integration, Cyber security, DevOps, Docker, Financial services, Git, IT security, IT service management, Identity management, Infrastructure, Kubernetes, Networking, SCP, SOLID, STS, SaaS, Scripting, Security, Security controls, Software deployment, Virtual private cloud
Full Time
Depends on Experience
Work from home available Travel required to 10%.

Job Description

Aqueduct Technologies is seeking a Cloud Security Engineer for their customer, a reputable financial organization, based in Boston, MA. This is a senior hands-on/technical AWS Security/DevOps engineer position which will work on the infrastructure/dev-ops team and be responsible for driving IT Cloud transformation, implementation, evangelism of the upcoming next-gen IT platform and ensure that security is defined and implemented. This role will help drive architecture principles and best practices to be leveraged across the organization. This is a permanent, salaried position.

The transformation, managed by the team, will include:

  • Identification of the use-case to consume Public Cloud based on the pillars we defined.
  • Identification and containerization (Docker/K8S stack) of the applications that will need scalability/elasticity/fast provisioning.
  • CI/CD and Blue Green deployment approach.
  • “APIzation” of Infrastructure to serve CI/CD deployment.
  • This position will define and propose IT transformations to the team.
  • A focus for this position will be to design, implement, integrate and maintain all aspects of IT security as it pertains to the AWS Cloud transformation initiatives.

Essential Job Functions:

  • Design, Drive and Rollout AWS Services Sandbox environments required for AWS training and for AWS Services exploration for research and developer groups.
  • Design, Drive and Rollout IT Security controls necessary for each new AWS Services that we will deployed within either via AWS Service catalog or natively deployments.
  • Design, Drive and Rollout IT Security controls necessary for AWS multi-account management automation stacks.
  • Collaborate with Network Engineering and Cyber Security teams to integrate AWS Cloud designs, initiatives and controls into other platforms and workflows.
  • Provides exceptional AWS Cloud security expertise at a very technical level focused on design, engineering and operational support towards the successful delivery of this IT transformation.
  • Participate in deep Cloud architectural discussions and drive topics, directions and problem-solving outcomes to ensure solutions are designed for successful security controls for Cloud technologies; AWS public/private cloud, SaaS solutions and on-prem.
  • Build and maintain effective partnerships with key cross functional leaders and team members – Transversal leadership and ability to federate is key for this team position (you will be part of Scrum Cloud Team and you will need to do the junction with IT Security chapter).
  • Educate and coach project team members, sponsors, and functional leaders on Cloud security aspect, and their roles in effective change.
  • Facilitate and advance high-level strategic decision making through detailed analyses and material preparations.
  • Recommend appropriate new or revised process management tools and practices around IT Cloud Security you will manage.
  • Design, guide and support multiple security Cloud work stream leads through the design and implementation of targeted change strategies including identification of change impacts to people, process, policy, and structure, stakeholder identification and alignment, appropriate communication and feedback loops, success measures, training, organizational readiness, and long-term sustainability.

Required Skills/Qualifications:

  • Bachelor’s (Master’s preferred) degree in Computer Engineering or related field; at least 7 years of prior experience, financial services exposure is a plus.
  • Proven record of similar experience to secure AWS Cloud for a firm with a solid experience of pros and cons of each Security tools provided by AWS. This experience needs to have been done with automation (Python).
  • Proven record of building DevSecOps API to support “Infra As Code” approach in CI/CD context so a solid experience with Python/Flask RestPlSwagger and CI/CD/Blue-Green deployment (Git/Gitlab/Gitlab CI).
  • Experience with securing Docker containers and Kubernetes stacks.
  • Working on daily basis with Python / Boto3.
  • Working on daily basis with Kanban or Agile Scrum sprint.
  • Strong motivation to enhance cyber security controls and processes.
  • Strong passion for technology, a willingness to learn new skills and the ability to evangelize.
  • Self-motivated and self-directed, ability to translate technical direction into functional solutions.
  • Ability to work effectively, managing multiple priorities while collaborating with cross-functional teams.
  • Proven ability to investigate complex issues spanning multiple technologies and drive to completion.
  • Ability to work with vendors, management, and staff at all levels within the organization.
  • Complete understanding of AWS Cyber Security services and platforms including but not limited to; GuardDuty, Inspector, AWS Config, Tower, Detective, Security Hub, Macie, CloudWatch, CloudTrail and STS.
  • Complete understanding of AWS access controls methods and options including but not limited to; KMS, IAM, Bucket Policies, permission boundaries SCP and Organizations.
  • Complete understanding of AWS Networking components including but not limited to; Transit Gateways, VPC, API/HTTP Proxy and Bastions.
  • Complete understanding and ability to automate and integrate services and applications using but not limited to; Lambda functions, Cloud Formation and post-scripting with the concept of “least privileged” access controls.
  • Understanding of MITRE ATT&CK framework techniques and methodologies and how those pertain to our cloud design and provisioning.
  • Ability to review adhoc AWS Services and/or alternative integrations into cloud and understand how to integrate access policies, logging and alerting into application/service.
  • We maintain a friendly, team-oriented environment and place a high value on professionalism, attitude and initiative.
  • Ability to be on site in Boston on an as needed basis

Aqueduct Technologies, Inc. assists customers in finding top talent for their diverse staffing augmentation needs and providing technical solutions including deployment and support of advanced networking, systems, storage, and collaboration solutions to enable better business results. Aqueduct is one of the fastest growing IT services organization in the US, powered by our relentless pursuit of customer satisfaction, corporate culture, and employing the top 10% in the industry.

Dice Id : 10501757
Position Id : 6771547
Originally Posted : 3 months ago
Have a Job? Post it