Cloud Security Engineer
Detroit, MICHIGAN |
Post Date: 07/20/20
Job ID: 20-00749
- Drive cloud security engineering conversations for our enterprise IT and business IT teams in IaaS/PaaS/SaaS implementations. Actively assess existing Cloud implementations, identifying security issues and prioritizing fixes.
- Participate as an active member of Design & Build IT projects, steering Cloud configurations and services towards industry-leading security practices within domain expertise.
- Engineer and implement new Cloud security tools to feed our DevOps/SecOps processes to ensure the solvency of Cloud computing resources. Thoroughly understand DevOps ideologies with the ability to drive and communicate change supporting DevOps/SecOps methodology within the organization.
- Provide daily, ongoing security oversight of SecOps operations, to include the security impact of proposed modifications, additions, and technology implementation/refresh operations. Understand system security vulnerabilities and associated threats, and assess the overall security risks to the system.
- Evaluate and respond to alerts and events from the security tools, including tuning of tool configuration to minimize false positives. Develop event response documentation and processes for Security Operations Center to follow and appropriate escalation protocol.
- Work with governance, compliance, and risk management teams to ensure the system consistently meets the requirements for certification and accreditation. Work with the Cloud Operations teams in the definition and implementation of security standards and best practices. Work with Senior Technical resources for mitigation recommendations to reduce identified security risks.
- Perform system vulnerability scanning using approved software tools and ability to automate. Thoroughly understand software installations, systems monitoring and troubleshooting, account management, and overall efforts to minimize system downtime.
- Provide mentorship to other IT engineers, analyst and administrators
- Provide regular status reporting to key stakeholders on the overall cloud security, including plan execution and risk identification, prioritization and triage.
- Provide third-party security operations risk assessment, architecture reviews, and work with Engineering to develop integration plans that include remediation of identified weaknesses and/or implementation of compensating controls.
- Work directly with internal analytics team members to gather their requirements for use cases. Work with engineering to develop solutions that satisfies these requirements while not compromising security
Skills and Experience Required:
- BS in Computer Science or related field, or equivalent work experience
- 5+ years' experience leading Enterprise IT implementation and security automation
- 2+ years AWS implementation experience in the Enterprise or compliance space
- Experience performing threat modeling and design reviews for cloud technologies and software
- Experience performing security assessments and information system audits of network, operating systems, application security, as well as auditing IT processes
- Experience with drafting security standards and assessment reports
- Experience creating technical designs for new and existing environments
- Experience deploying and maintaining systems and applications within a secure, regulated environment; knowledge to design and implement security tests in accordance with stated criteria
- Possess clear understanding of security protocols and standards and have experience with software and security architectures; experience working with Cloud security and governance tools and server virtualization technologies
- Demonstrate an ability to bridge technology knowledge gaps between IT staff and corporate staff such as Legal, Compliance and Audit organizations
- Ability to define major milestones for a project and drive a task to completion
- Organized, responsive and highly thorough problem solver; strong communication skills
- AWS Certified DevOps Engineer – Professional Preferred
- AWS Certified Solutions Architect – Professional Preferred
- AWS Certified Security Specialty
- Deep and broad technical knowledge of and experience with IT security, cloud computing, compliance frameworks, Active Directory, identity and access management, service-oriented architectures, distributed systems, networking, modern application architectures, and the like; plus strong understanding of virtualization, storage systems, software-defined networks, Internet Protocol, high availability and high scalability using modern techniques (scale out versus scale up), etc.
- Experience with cloud deployment orchestration, automation, and security configuration management for AWS solutions (Terraform, Cloud Formation, Kubernetes, Docker, Serverless, Transient Clusters/Resources, etc.)
- Clear understanding of Agile, CI/CD, DevOps approach and how they impact risk management and compliance
- DevOps and scripting skills in at least one language (other than Bash), ideally Python
- Broad knowledge of programming languages, operating system principles, networking, and software development best practices.
- Experience with Linux/UNIX, Windows servers
- Experience understanding protocols, such as, SSL/TLS, CIFS, HTTP/S, DHCP, SMTP, LDAP/S, NFS, SNMP and DNS
- Experience in networking concepts and services, such as, VPNs, IPsec, PKI and TCP/IP; familiar with high-availability (HA) and failover implementations for network infrastructure and server systems
- Bachelor's degree in a field related to computer science or information technology or equivalent experience