Cloud Security Engineer

Excel Talent Solutions

Security Engineer with a strong background in DevSecOps, Security Engineering, Risk Assessments, and Cloud Security


Overview
Our client is a well-known organization headquartered in Chicago and has a rich 150+ year history. In IT, this organization is investing heavily in modernizing technology which is including a shift toward cloud technology.  This individual will play a key role in securing new technology and solutions through the design, implementation and maintenance of platforms and operations.  
  
About half of this person’s accountability will be centered around security operations including processes, monitoring, configuration, and maintenance.
  • Partner with infrastructure teams to embed security best practice into infrastructure as code and development lifecycles
  • Create, manage, distribute, use, store and revoke digital certificates and public-key encryption
  • Apply incident response playbooks focused on cloud-based systems; with development and platform teams, develop workflows that promote DevOps/DevSecOps methodologies
  • Automate security controls that protect data and processes to enhance operational support
  • Monitor and audit networks and cloud system and service changes
  • Ensure network security best practices are implemented through networking devices: router, switch and firewall, and advance threat protection capabilities
  • Implement strong authentication of users and drive the demand for safe, secure transmission of data
  
The other half will focus on developing secure desktop, cloud, and network environments while assessing and communicating security risks related to the cloud.
  • Analyze and make recommendations to enhance our security posture within cloud and hybrid environments and associated services and configurations such as public key infrastructure (PKI)
  • Provide security guidance during integration of infrastructure and development of new business solutions within cloud environments
  • Employ cloud-based APIs when suitable to write network/system level tools for safeguarding cloud environments
  • Engineer network systems, including solutioning secure design concepts to support major changes to network architecture, infrastructure and remote access solutions
  • Partner with network and applications teams to expand use cases that enhance security controls such as confidentiality and integrity to protect critical business functions and access to sensitive data
  • Perform threat modeling and risk assessments using standard security frameworks for cloud services
  • Perform assessments following a standard format to evaluate cloud trust and identify cyber risks spanning IaaS, PaaS and SaaS services
  • Communicate best practices to ensure security, privacy, and compliance requirements are integrated into cloud and hybrid solutions
  
What they are seeking:
  • Bachelors experience in Information Security, Engineering, Computers Science, or related field along with 5+ years’ security engineering experience in a team-based enterprise cloud environment
  • Ability to operate within a cross functional team (i.e. DevSecOps)
  • Understanding of advanced cloud networking concepts
  • Understanding of cloud architecture to promote and develop new designs and security strategies across all types of cloud-based applications (including infrastructure, platform, and software as a service)
  • Experience implementing and operating best practices with the ability to define operational processes, implement DevSecOps, deployment checklists, etc.
  • Ability to prioritize and make timely decisions; correlate data using standard business and technology tools and approaches, spot trends and apply sound security and risk management principles
  • Practical knowledge and/or implementation experience in security frameworks 
Additional Technical Background
  • 3+ years with cloud-based platforms (AWS, Azure, etc.) in an enterprise environment
  • Cloud-based security tools (CloudTrail, WAF, Security Center, etc.)
  • Source code management tools (Git, SVN, etc.)
  • Programming languages (Java, JavaScript, Python, etc.)
  • Web services, API, REST, RPC
  • Infrastructure as Code (CloudFormation, Terraform) preferred
  • Knowledge of Security frameworks such as NIST 800-53 and OWASP; Security monitoring tools including antivirus, intrusion detection/prevention and SIEM; User authentication such as Virtual Private Networks (VPNs), SSL, corporate wifi, device identity, 802.1x port-based authentication, server identification, authentication of web applications, S/MIME Email Signing
  • Administration of Azure suite, including: Azure Active Directory, Conditional Access, Intune, Mobile Application Management, Microsoft Cloud App Security and/or advanced Azure security services like Azure Security Center, Advanced DDoS Protection, Azure Firewall, and Azure WAF
  • Administration of AWS security services and related best practices: GuardDuty, Cognito, Inspector, Detective and advocate AWS Identity & Access Management (IAM)
  • Operating systems: Windows and Linux