Senior Cloud Security Engineer
Vital Tech Solutions
- Southfield, MI
- Permanent
- Full-time
- Design and implement cloud security architecture using zero-trust principles.
- Automate security controls, data, and processes to provide better metrics and operational support using security-as-code.
- Configure network security, including in a hybrid context with traditional network-centric controls.
- Design and implement host-based security monitoring (e.g., AWS Inspector), network security tooling, or other infrastructure-related security projects.
- Assess and support application migration efforts including but not limited to network connectivity architecture.
- Conduct threat modeling to support business requirements.
- Define and implement IaC validation to prevent insecure configuration from being deployed.
- Configure access within the cloud environment using the defense-in-depth principle.
- Assess cloud systems and infrastructure to identify potential weaknesses or problems, and upgrade software, VMs, and containers to ensure optimal performance of the cloud environment and security tools.
- Develop automated security compliance and remediate misconfigurations and vulnerabilities in the code/configurations.
- Lead cloud security issue remediation, troubleshooting and continuous improvement efforts including collaborating with stakeholders to improve overall application security posture.
- Support Cloud Security Maturity Assessment processes with automated security reviews.
- Implement and configure security controls and policies, manage access to data, and monitor threats to ensure that apps, containers, infrastructure, and networks are protected.
- Take ownership of new initiatives, work with internal security teams, ESS, engineering, and product functions to deliver actionable intelligence or solutions that will lower risk.
- Support our DevOps and infrastructure engineers to implement security best practices and enable secure development and release processes.
- Impact Analysis: Understand the rationale behind and how changes impact the enterprise and/or applications and across the technical ecosystem.
- Solution Design: Ability to translate high-level requirements to create and implement designs that meet the needs of the customer and are technically sound, maintainable and cost-effective.
- Technical Domain: Have an understanding of the technical domain, including the application architecture, secure design and data of the application they support and the systems with which it interfaces.
- Testing Techniques: Understand the range of testing techniques available well enough to select the most effective test procedures.
- Bachelor’s degree in Computer Science, Information Systems, or closely related field of study or equivalent experience
- 6+ years of experience in the Information Security field
- 4 years of experience deploying services on public cloud infrastructure such as Amazon Web Services (AWS) or MS Azure
- Experience architecting solutions within Amazon Web Services (AWS) or MS Azure
- Experience performing design reviews to assess security implications and requirements for introduction of new technologies.
- Experience deploying and customizing security tools to address threats and lower risk: vulnerability scanners, static analyzers, web application firewalls, IDS/IPS, malware analysis, network traffic flow and packet analysis, cloud security posture management (CSPM), etc.
- Knowledge of networking and web protocols (TCP/IP, HTTP, TLS, REST), and the ability to analyze traffic to find anomalies.
- Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
- Must have hands-on experience with AWS and Linux in a production environment.
- Experience with hybrid/multi-cloud network design and configuration (example: AWS Direct Connect)
- Knowledge of Federated Identity, RBAC, authentication & authorization solutions, etc.
- Working knowledge of secure-cloud configuration (e.g., CloudTrail, AWS Config), cloud-security technologies (e.g., VPC, Security Groups) and cloud infrastructure entitlement management (CIEM).
- Familiarity with industry compliance standards such as SOX, GLBA, ISO 27002, or PCI-DSS
- Working knowledge of CIS, CSA and NIST best practices.
- Demonstrated ability to collaborate with other teams to achieve complex objectives.
- AWS Certified Solutions Architect – Associate or Professional certification
- Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.).
- Strong experience with networking tasks, e.g., IP subnetting, Network Security Groups, routing, firewalls, Direct Connect, ExpressRoute, load balancers, proxies, DNS, etc.
- Experience with service-oriented architecture for cloud-based services.
- Experience using CI/CD pipelines to perform automated security testing and change management.
- Expert in security design and implementation for VMs, containers, container registries, Docker, Kubernetes, etc.
- Deep understanding of Cloud-Native Application Protection Platforms (CNAPP)