Cloud Security Engineer

Join Our Winning Team as a Cloud Security Engineer

Isn't it time you bragged about where you work? At CARFAX, we do, every day. We pride ourselves on being mission-focused on helping to grow a brand built on accuracy and integrity. We care deeply about our products and our customers. We're more than just a company: We help millions of consumers make more-informed decisions every day. We know that our teammates are our most valuable asset, and we value a balanced life while tackling challenging projects in a fast-paced environment. One last thing: Our four-day week continues in Summer 2024!

The Cloud Security Engineer role will play a pivotal role in safeguarding our organization's information systems, networks, and data assets from cyber threats. The successful candidate will join a team of talented security professionals, implement robust security measures, and contribute to the development and enhancement of our overall cybersecurity strategy.

At CARFAX, we believe in the power of teamwork and value in-person interactions so that we can collaborate and thrive together. This position will require 3 days per week in our Centreville, VA office subject to change with future business needs.

What you'll be doing:

• Engineer and maintain security solutions in a dynamic private and public cloud environment

• Secure applications and infrastructure in a large multi-account AWS Organization

• Conduct detailed assessments of systems, applications, and infrastructure to ensure they are appropriate, secure, and defensible based on least privilege

• Respond to and mitigate security incidents (ex. threat hunting, event analysis, investigations, post-incident analysis, etc.)

• Develop and implement security strategies and policies to protect the organization's cloud assets

• Integrate security tools into SIEM and SOAR platforms to feed to security operations

• Serve as a subject matter expert and provide expertise on topics related to cloud security

• Enhance enterprise security posture to better protect against attacks and detect new threat vectors

• Assess and analyze security risks, recommending and implementing measures to mitigate identified risks

• Self-organize and prioritize activities independently.

• Create and maintain documentation and perform status reporting.

What we're looking for:

• Bachelor of Science degree in Computer Science, Information Assurance, or a related field with a minimum of 5 years hands-on experience in a security engineering role

• Industry relevant professional certifications including but not limited to: CISSP, CCSP, GIAC Cloud Security Automation (GCSA), GIAC Cloud Penetration Tester, (GCPN), SANS GIAC Public Cloud Security (GPCS), CCSK, AWS Solutions Architect

• Associate, AWS Solutions Architect

• Professional, AWS Certified Security

• Specialty

• Strong understanding of security in core AWS services (EC2, ECS, Lambda, IAM)
• Strong understanding of serverless technologies and security implications deployed in public cloud

• AWS Lambda, Containers (ECS Fargate, EKS)

• Experience in engineering cloud security guard rails in AWS/Azure

• Expertise in securing container images at rest, build, and runtime

• Experience with Cloud Security Posture Management (CSPM) tools (ex. AWS Config, Cloud One Conformity, Wiz.io, AWS Security Hub, Azure Security Center)

• Experience with Key Management

• Privileged account management solutions in the cloud for key management, service account and secrets management, rotation, and event response, including tools such as Secret Server (Thycotic), Vault (HashiCorp), Cloud KMS, or similar tool set

• Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation

• Ability to mentor and train team members to work effectively and securely in the cloud

Highly preferred to have:

• Hands-on experience implementing security tools into CI/CD pipelines

• Experience with web application security and penetration testing

• Experience with Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions

• Experience with various virtualization and cloud technologies including on-prem virtualization, SaaS, PaaS, & IaaS

• Experience with both Windows & Linux based operating systems

• Knowledge of risk management and NIST Cybersecurity Framework controls

• Working knowledge with automation and monitoring platforms

• Experience operating security training and awareness programs

What's in it for you:

• Competitive compensation, benefits and generous time-off policies

• 4-Day summer work weeks and a winter holiday break

• 401(k) / DCPP matching

• Annual bonus program

• Casual, dog-friendly, and innovative office spaces

Don't just take our word for it:

• 10X Virginia Business Best Places to Work

• 9X Washingtonian Great Places to Work

• 9X Washington Post Top Workplace

• St. Louis Post-Dispatch Best Places to Work