Title: Cloud Security Engineer
Job Type: Full-time/contract
Salary: Open (between $70-90/hr W2, no c2c)
The Cloud Security Engineer is a part of the Cloud Solution Center that reports to the office of Cloud Security Program & Governance (CSPG) and is responsible for delivering cloud solutions that accelerate the delivery of both revenue-generating and internal applications. The team specializes in digitizing the firm’s best practices and instantiating them as platform tool configurations and automations that drive agility while providing a secure and resilient hosting environment.
The cloud engineer is a critical thinker and problem solver with a business-first mindset. As a member of the Platform Engineering team, you will lead the design and development of our core global cloud platform capabilities across multiple cloud providers including Amazon AWS, Microsoft Azure and Google Cloud Platform.
Your responsibilities include partnering with cloud providers, architects, security, compliance & governance and other engineering teams in developing & engineering our global cloud platform, as well as providing best practices and approaches to ensure the security of cloud solutions. You will be challenged to create strategies that ensure the secure consumption of the platform through continuous innovation, simplification, decentralization and self-service automation.
Role and Responsibilities:
- Partner with infrastructure and cloud platform teams to embed security best practice into infrastructure as code and development lifecycles
- Automate security controls that protect data and processes to enhance operational support
- Write, deploy, manage, and troubleshoot Policy/Config-as-Code controls
  - Azure Policy & Functions, AWS Config, AWS CloudFormation, AWS Functions & Step Functions, GCP Deployment Manager & Cloud Functions
  - Terraform Enterprise
- Working experience with IAM in AWS, Azure, GCP
- Automate and pipeline the deployment of various workloads
  - Azure DevOps
- Deploy and manage cloud infrastructure
- Understanding of secrets management
  - Azure KeyVault
  - AWS Secrets Manager
  - GCP Secret Manager
- CloudWatch monitoring (and similar services in Azure and GCP) and implementation using automation and configuration management tools such as Chef, Puppet, SSM, etc.
- Architect and consult on approaches to security domains across Azure, AWS, and GCP
May include other responsibilities as assigned
• Bachelor's experience in Information Security, Engineering, Computer Science, or a related field
• 5+ years’ security engineering experience in a team-based enterprise cloud environment
• Ability to operate within a cross-functional team (i.e. DevSecOps)
• Understanding of advanced cloud networking concepts
• Understanding of cloud architecture to promote and develop new designs and security strategies across all types of cloud-based applications (including infrastructure, platform, and software as a service)
• Experience implementing and operating best practices with the ability to define operational processes, implement DevSecOps, deployment checklists, etc.
• Ability to prioritize and make timely decisions; correlate data using standard business and technology tools and approaches, spot trends and apply sound security and risk management principles
• Practical knowledge and/or implementation experience in security frameworks
Additional Technical Background
• Experience with:
• 3+ years with cloud-based platforms (AWS, Azure, GCP) in an enterprise environment
• Cloud-based security tools (CloudTrail, WAF, Security Center, etc.)
• Source code management tools (Git, SVN, etc.)
• Code scanning tools (dynamic, static and open source)
• Web services, API, REST, RPC
• Infrastructure as Code (CloudFormation, Azure Policy, Terraform) preferred
• Vulnerability Management solutions (Qualys)
• Knowledge of: Security frameworks such as NIST 800-53, CIS, HITRUST, MITRE and OWASP