Senior Cloud Security Engineer


Long term Cloud Security Engineer position supporting DHS.

 Senior Cloud Security Engineer will perform a variety of complex technical tasks applied to specialized technology and cybersecurity challenges. The Senior Cloud Security Engineer is responsible for the integration and hands-on implementation of new capabilities and managing existing capabilities for federal agencies in support of the CDM project or customer requirements.
The Senior Cloud Security Engineer will work closely with architects, engineers, and integrators to assess customer requirements and to design establish or extend CDM asset-based security capability including Cloud and Mobile assets to support CDM dashboard data requirements. Additionally, you will serve as a trusted advisor, providing subject matter expertise, guidance, and best practice recommendations.
  • Create solutions to improve data quality, security, and compliance or extend current capabilities and offerings to customers.
  • Work with cross-functional technical teams including architects, developers, and system engineers to create holistic, automated solutions to achieve CDM integration and implementation activities at federal agencies and data reporting to various dashboards.
  • Lead technical discussions with internal and external customers
  • Work closely with Federal Agency network and operations teams to establish and document requirements to complete implementation and configuration tasks
  • Work with architects, developers, and engineering teams to establish technical implementation plans to support automated discovery, collection, reporting of data elements necessary to populate defined master record data repositories
  • Support architecture and implementation of CDM tools for customer on premise or in Cloud Service Provider (CSP) infrastructure
  • Develop installation, configuration, and deployment methods including scripting, use of APIs, orchestration, automation, and database services to support the integration and configuration of CDM applications and security technologies
  • Support on premise and cloud deployments of CDM tools such as Forescout CounterAct, McAfee ePO EP and Application Control, Rapid 7, Carbon Black, Tenable SCCV, Splunk, Red Hat FUSE, Venafi, CyberArk, SailPoint, CA-PAM, RSA Archer and/or IBM Big Fix or other security tools in support mission objectives as necessary
  • Develop or maintain detailed installation and configuration documentation, SOPs, or best practice documentation
  • Cross-train other engineers or users in implementation or configuration methods used.
  • Act as an escalation point for Cloud security and product development issues
  • Provide Tier 3 support to customers and act as the subject matter expert for cloud related technologies
  • Plan and deploy patches and upgrades for cloud related technologies
  • Develop and maintain installation documentation and SOPs as required
Position Qualifications:
  • A Bachelor's degree with 8+ years’ experience
  • A minimum of 3 years’ experience implementing Cloud offerings and services from providers such as AWS, Microsoft Azure, Salesforce, Microsoft O365, etc.
  • AWS, Azure, or similar advanced professional Cloud certifications required
  • Experience with Amazon Web Services (AWS) such as IAM, EC2, EBS, ELB, RDS, S3, Route 53, Gateways, VPCs, CloudWatch, APIs and scripts, or similar Cloud stack solution highly desirable
  • Understanding of some of the CDM tools such as Forescout CounterAct, McAfee ePO EP and Application Control, Rapid 7, Carbon Black, Tenable SCCV, Splunk, Red Hat FUSE, Venafi, CyberArk, SailPoint, CA-PAM, RSA Archer, IBM Big Fix
  • Progressive subject matter expertise and experience in information technology, networking, and security concepts, mechanisms, and tools
  • Candidate must have excellent oral and written communication skills Senior Cloud Security Engineer
  • Experience with Cloud Infrastructure Definition/Provisioning tools
  • Experience with VMware virtualization technologies, including one or more: ESXi, VMware View, vCenter Server, vCloud Director.
  • Experience using key technologies relevant to API and application integration including SSO, SAML, JASON, PKI, SSL, REST, XML, DHS, DHCP, AD/AD FS, LDAP, JDBC, ODBC
  • Experience with Microsoft SQL Server or other relational databases, relational data models, developing SQL queries, and stored procedures.
  • Understanding of cloud services use of encryption, tokenization, or content redaction at the field and file level.
  • Understanding of application security and network protocols such as S/MIME, SSH, web-based transactions using SSL/TLS, VPN/IPsec.
  • Knowledge of configuration management tools
  • Experience establishing device segmentation and restricting devices based on role, classification, compliance, location, port and security groups
  • Familiarity with software development lifecycles
  • Work experience with information and application security concepts, mechanisms, and tools.
  • Microsoft Certified Azure Solution Architect or Azure Developer certification or AWS Certified Solution Architect or AWS Certified Big Data is a plus.
  • Cloud Access Security Broker (CASB) and Shadow IT Cloud services, technologies, and integration.
  • Experience performing Big Data analyses
  • Experience with implementing and managing enterprise device types, operating systems (Windows and UNIX), Active Directory and Windows domain management including group policy objects.
  • Knowledge of the various Cloud services and capabilities of computing platforms (AWS/Azure/GCP)
  • Knowledge of asset management as it pertains to Cloud and Mobile asset.
  • Experience developing cybersecurity solutions across a diverse and heterogeneous IT environment and providing IT Service Delivery to multiple U.S. Government Agencies.
  • Experience supporting Incident response and handling; scanning for malicious content, automation, and aggregation of intelligence data.
  • Experience with architecting, designing, integrating, or implementing CDM Phase 1 and/or Phase 2 capabilities is a plus.
Must be capable of attaining DHS Suitability and Public Trust 6C Clearance or above. Active Secret clearance or above is preferred.