Cloud Security Engineer

What you’ll do: 
General Duties and Responsibilities

Cloud Security Engineer duties and responsibilities include:
Lead the security efforts in helping to design scalable, cost-effective, and secure public cloud environments.
Work with cloud service providers (AWS, GCP, Azure, and OCI) to leverage built-in security features and services, where technically feasible.
Design secure cloud architectures and solutions that align with best practices and company requirements.
Implement and manage Identity and Access Management (IAM) policies to control access to cloud resources and ensure proper authentication and authorization mechanisms are in place.
Enforce the use of multi-factor authentication and role-based access controls to improve security.
Implement appropriate encryption mechanisms to protect data at rest and in transit.
Enable security policies to protect against unauthorized data access and leakage.
Align security controls to ensure compliance with data protection regulations and company policies.
Enable and manage security monitoring tools and systems to detect and respond to security incidents.
Partner with Security Operations to develop incident response procedures and analyze security alerts and logs to identify potential threats and vulnerabilities.
Participate in incident response and forensics activities as required.
Assess cloud environments for vulnerabilities and prioritize remediation activities.
Design and implement secure network architectures, including virtual private clouds, subnets, and firewalls.
Configure and manage network security groups, access control lists, and other network security controls.
Ensure cloud environments comply with relevant security standards and regulatory requirements and conduct audits/assessments to ensure compliance with controls.
Integrate security info DevOps pipelines where appropriate and use infrastructure as code (IaC) tools such as Terraform and CloudFormation to automate configurations.
Educational and Certification Requirements

A degree in Cybersecurity, Information Technology, Computer Science, Software Development, Engineering, or related engineering field with training in software security is desirable.

Industry recognized certifications are a plus.  Certifications may include:  CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), Software Security Certifications, such as Certified Secure Software Lifecycle Professional (CSSLP), GIAC (Global Information Assurance Certification), GSEC (Global Security Essentials Certification), GIAC Cloud Security Automation (GPCS), GIAC Cloud Penetration Tester (GCPN), GIAC Public Cloud Security (GPCS), AWS Solutions Architect (Associate/Professional), AWS Certified Security - Specialist.

Certifications issued by public cloud providers (AWS, Azure, Google, Oracle, etc.) is a plus.

Who you are:

General Knowledge, Skills, and Abilities

As well as formal qualifications, a Cloud Security Engineer should possess:

Experience developing and leading cloud services design and deployments in technology such as IaaS and PaaS.
Experience building and deploying cloud native solutions such as AWS, Azure, Google Cloud Platform, and/or Oracle Cloud Infrastructure.
Technical expertise in areas such as cloud storage, compute, databases, AIML, or Terraform.
Experience working with CI/CD pipelines, containerization technologies, and pipeline automation toolsets within an Agile/Scrum environment.
Able to read and develop scripting languages such as Python and Bash.
Understanding of controls (e.g., access control, auditing, authentication, encryption, integrity, physical security, and application security).
Ability to influence and build relationships with business and technology stakeholders and manage external/third-party vendors.
Strong understanding of serverless technologies and security implications deployed in public clouds.
Experience with Cloud Security Posture Management (CSPM) and Cloud Workload Protection Products (CWPP).
Experience designing and implementing large scale platforms with high resiliency, availability, and reliability using public cloud infrastructure.
Conduct and facilitate security reviews, threat modeling including deep design reviews throughout the development lifecycle.
Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments, appropriately targeted for colleagues and upper management.
Versed in operating systems such as Linux as well as Windows environments, Active Directory, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks, Threat and Vulnerability Management, and reviewing activity for suspicious or anomalous behavior.
Experience with vulnerability scanners, vulnerability management systems, patch management and host-based security systems.
Project Management are a plus.
Experience with the following technologies is desired:  SentinelOne Singularity Platform, Tanium, Google Chronicle SIEM, Cloudflare L3-L7 security technologies, Atomicorp (ModSec), Tenable.io, Lacework, Recorded Future, ServiceNow, Jira, Microsoft Defender for Endpoints, Microsoft Security and Compliance, Virus Total, SiteLock, Monarx, NGNIX.
Experience with the native security service solutions for public cloud service providers (AWS, Google, Azure, Oracle) is desired