Cloud Security Engineer

Responsibilities encompass collaborating with other DevOps and SysOps teams to transition public facing, on-premise applications to the cloud; securing the configuration management of the cloud infrastructure; mitigating risks, and applying security controls to improve visibility and diagnostics in compliance with Federal requirements and security best practices.

• Develop and deploy infrastructure as code (IaC) scripts to implement and optimize security controls and mechanisms of a cloud infrastructure.

• Act as the subject matter expert for cloud security and tools such as Security Information and Event Management (SIEM), access control mechanisms, Intrusion Detection and Intrusion Prevention Systems (IDS/IPS).

• Monitor cloud infrastructure and pro-actively mitigate potential incidents before service degradation occurs.

• Provide guidance to the DevOps teams developing on public cloud platforms, advising on security standards for cloud deployment, and working to identify common patterns for template provisioning.

• Conduct assessments of security controls for new and existing cloud systems; create and maintain as-built system documentation, architecture diagrams, and online collaborative documentation.

• Determine security modes of operation and recommend new or revised security measures and countermeasures for current security challenges.

• Collaborate with team members to continue to evolve and implement a state-of-the-art secure cloud infrastructure.

Required Experience

• Requires bachelor's degree in computer science, cyber security, engineering, or a related technical field plus 7 years of related experience with 5 years being in cloud system administration and systems security administration. Additional experience can be substituted for a degree.

• Experience designing and implementing an enterprise-wide cloud security architecture.

• Proficiency with SIEM and vulnerability management solutions.

• Experience using common networking tools to aid in troubleshooting, including nmap, Wireshark, tcpdump, etc.

• Proficiency in one or more scripting languages: Python, Perl, PowerShell, or Bash.

• Proficiency with TCP/IP/UDP ports and protocols, IDS/IPS, Network Access Control List (NACL), Access Control Lists (ACL), and Security Group (SG) applications.

• Demonstrated ability to effectively communicate orally and in writing.

• Experience supporting a nationwide mid to large Federal agency enterprise is a plus.

• CISSP certification required.

• AWS Certified Security - Specialty, ISC2, or Cloud Security Alliance certifications desired.

• Must be able to obtain Level 2 Secret (ANACI) clearance.