Title: Senior Cloud Security Engineer
Location: Pittsburgh, PA (Remote until Covid-19)
Duration: Contract to hire
Responsibilities and Qualifications
· Have experience writing code to automate security processes or build security tooling.
· Have experience implementing security in AWS, GCP, Azure or other cloud service providers.
· Develop a capability to design, implement, and continuously update a technical security control requirements model supporting enterprise information security policies and standards, enterprise technology strategy, enterprise technology architecture and patterns, information security industry best practices, emerging information security technologies, and relevant laws and regulations (e.g. HiTrust, HIPAA, Sarbanes-Oxley, NIST SP 800-53 rev 5, GLB, and others.)
· Work with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives.
· Serve as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices.
· Exercise thought leadership in the creation and maintenance of security architectures/design patterns.
· Develop technical designs for a project to meet information security requirements based on approved security architectures/design patterns.
· Communicate and interact effectively and professionally with co-workers, management, internal and external customers and partners.
· Continuously develop, track and report the status of all capability development and service delivery efforts through boardroom-quality visual communication deliverables.
· A thorough understanding of the organization's technology and IT systems.
· Planning, researching, and designing security architectures.
· Developing, reviewing, and approving the installation requirements for LANs, WANs, VPNs, routers, firewalls, and related network devices.
· Use your deep technical experience to guide discussions, designs and planning in a collaborative environment with multiple stakeholders.
· Experience working in an Agile/SAFe development environment and communicating the value of security to developers or other engineers.
· Demonstrate initiative by suggesting modifications to existing tools or technologies or developing new tools that improve security for the business.
· You are passionate about security, like learning new things and are comfortable making decisions in situations of uncertainty.
· Use your experience with DevSecOps, CI/CD, Containers and Microservices to insert security into our build and deployment processes. We are looking for individuals who know how to use tools like CloudFormation, Terraform, GitLab, Docker and Kubernetes.
· You possess an excellent understanding of key security technologies such as identity & access control, logging, antivirus protection, vulnerability management, image & service hardening, encryption, product and application security, network security, etc. to build or mature existing tooling and security functionality at ODC.
· You are comfortable juggling multiple projects and can self-prioritize as needed.
· Familiarity with industry standard security frameworks such as CIS, NIST, SOC2, ISO, etc.
· Experience with AWS/GCP/Azure: 3 years (Required)
· A Master’s or Bachelor's degree in Information Systems, Computer Science, or related field.
· Advanced IT security certifications may be advantageous.
· 5-10+ years' experience in information security and IT risk management.
· A strong working knowledge of current IT risks, security implementations, and computer operating and software programs.
· The ability to interact with a wide range of people from different backgrounds and races.
· Knowledge of certain tech stacks and security protocols, exposure to CyberArk a plus
· Experience with HiTrust, HIPAA, Diversity Principles, Corporate Integrity, NIST 800-53, FedRAMP and other Compliance Program policies
· Excellent teaching, problem-solving, communication, and interpersonal skills.
Any 3 of the following certifications required:
· CISSP: Certified Information Systems Security Professional
· CCSK: Certificate of Cloud Security Knowledge
· CISCS: Certified Integrator Secure Cloud Services
· ISSAP: Information Systems Security Architecture Professional
· CRISC: Certified in Risk and Information Systems Control
· CCSP: Certified Cloud Security Professional
· Cloud Service provider specific certification