Senior Cloud Security Engineer

Position Description: 

Deploys and configures software applications within public cloud environments -- Amazon Web Services (AWS) and Azure. Identifies sources of software threats and vulnerabilities using Software Security Scanning (SAST or SCA) tools. Programs and implements application components using Python and CSP APIs. Builds processes and workflows using Cloud service delivery models-- IaaS, SaaS, and PaaS. Analyzes information to determine, recommend, and plan computer software specifications on major projects and proposing modifications and improvements based on user need. Confers with systems analysts, engineers, programmers and others to design systems and to obtain information on project limitations and capabilities, performance requirements and interfaces. 

Primary Responsibilities: 

• Supports Infrastructure-as-Code (IaC) processes.  

• Evaluates Cloud service security capabilities for enterprise adoption.   

• Communicates technical solutions, risks, and business value to peers and leadership. 

• Designs and implements automated Cloud security solutions. 

• Develops IaC process to create Identity and Access Management (IAM) roles and AWS resources and integrates with Jenkins for (CI/CD) processes.  

• Supports AWS SCP within CloudFormation based GIT repositories (for IAM Allow). 

• Maintains Allow or Deny policy repositories for 1400 or larger enterprise account structures.  

• Adopts and implements taxonomy strategy for existing enterprise infrastructure.  

• Integrates the logging and monitoring of IAM API backend to AWS Xray and Datadog.  

• Builds, configures, and sustains internal and external cloud platforms with development ecosystems. 

• Performs on-call duties and accepts requests or incidents within the SLA by resolving and assisting with ad-hoc issues.  

• Writes acceptance test cases other testing patterns to evaluate use cases in Cucumber. 

• Develops software system testing and validation procedures, programming, and documentation. 

Education and Experience: 

Bachelor’s degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Systems, Mathematics, Physics, or a closely related field and three (3) years of experience as a Senior Cloud Security Engineer (or closely related occupation) assessing, developing, and implementing enterprise Cloud security controls. 

Or, alternatively, Master’s degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Systems, Mathematics, Physics, or a closely related field and one (1) year of experience as a Senior Cloud Security Engineer (or closely related occupation) assessing, developing, and implementing enterprise Cloud security controls. 

Skills and Knowledge: 

Candidate must also possess: 

• Demonstrated Expertise (“DE) performing technical security risk assessments of public cloud services (AWS) using established industry standards and frameworks including the Center for Internet Security (CIS) Benchmarks and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. 

• DE developing, testing, and maintaining security controls using custom automation and IaC tools (PowerShell, Python, Terraform, and CloudFormation) within enterprise-scale production Cloud environments (AWS and container platforms (Kubernetes)). 

• DE configuring, testing, and maintaining Cloud-native security guardrails within public Cloud environments (AWS) using Identity and Access Management (IAM) services (service control policies, permissions boundaries, and custom roles and policies) and access control methods (AWS Systems Manager and permission restrictions with System Manager Documents). 

• DE developing automation pipelines with in-line Infrastructure-as-Code scanning capabilities (Linting tools for CloudFormation Templates) to block non-compliant resources before they are created. 

#PE1M2