Cyber Security - Sr. Cloud Security Engineer (Remote)

Job Description

Summary:

As a member of the Information Security team, the Cloud Security Senior Engineer will be responsible for developing, implementing, and operating cloud security solutions and controls to address the current and emerging security and compliance needs of the business. The engineer will serve as a cloud security expert, integrating sound practices from Identity and Access management, monitoring, platform standards, network segmentation and interconnection, encryption, and more into the CHS cloud platforms. The engineer will contribute to technology decisions to reflect approved security architectures, business impact and exposures, emerging threats, vulnerabilities, regulatory requirements, and risks. The engineer will work with Enterprise Architects, other functional area architects, and security specialists to ensure adequate security solutions are in place throughout cloud IT systems and platforms, and will communicate the risks and solutions to business and IT partners.

Essential Duties and Responsibilities:

• Define and document security standards for Cloud platforms, and follow them from initial idea to completion and governance. Collaborate with internal IT teams for implementing secure policies and settings within Cloud platforms, such as Infrastructure-as-a-service (IAAs), Software as-a-service (SAAS), and Platform as-a-service (PAAS). Coordinate the implementation of security standards for common Commercial off-the-shelf (COTS) applications and services within Cloud, including assisting with log aggregation and SSO/SAML integrations.

• Implement least privilege access policies and restrictions within common Cloud infrastructure platforms (Azure, AWS, Google Cloud Platform, Oracle)

• Contribute to and maintain security standards based on National Institute of Standards and Technology (NIST) recommendations, specifically NIST 800-53

• Provide security review for reference architectures provided by Information Technology architecture and internal security architecture teams. Provide Engineering review for Security Risk Assessments associated with Cloud platforms.

• Implement new toolsets related to cloud security, as well as automation and continuous development of cloud security processes, both operational and technical. Partner with architects to develop and implement enterprise information security cloud architectures and solutions.

• Develop documentation for all facets of Cloud configurations including: identity and access management, network segmentation, application security, data protection, encryption, and others. Support security teams with implementation of incident management and red team processes, privileged access management strategy, and vulnerability remediation

• Participate in DevSecOps processes and applications for automation including: Github, DAST/SAST tools, Code review processes

• Business and Soft Skill expectations:

• Communicate and interact effectively and professionally with co-workers, management, customers, etc.

• Maintain complete confidentiality of company business.

• Communicate with management regarding development within areas of assigned responsibilities and perform special projects as required or requested.

Qualifications:

• Required Education: High school diploma

• Preferred Education: Bachelor's or Master's Degree in Cyber Security, Computer Science, Information Systems (or other related field), or equivalent work experience.

• Required Experience:

• Duration:

• 3+ years of IT or information security, and

• 1+ years of cloud technology

• Activities:

• Designed and implemented technologies within cloud platforms.

• Served as expert thought leader for cloud technology and influenced the strategy to address internal or external business and regulatory issues.

• Worked in process-driven structured environments, and participated in process optimization activities.

• Competencies:

• Advanced knowledge of security principles, issues, techniques and implementations across cloud platforms.

• Proactive identification and solving of complex problems

• Strong understanding of systems development lifecycle to provide technical leadership for multifunctional projects or initiatives.

• Effective communication of technical concepts to a non-technical audience.

• Excellent written and verbal communication skills

• Preferred Experience: 2+ years of cloud security

• Required License/Registration/Certification: None

• Preferred License/Registration/Certification: CISSP, CCSP, GCSA

• Computer Skills Required: Productivity suite software

Physical Demands:

In order to successfully perform this job, with or without a reasonable accommodation, the following are outlined below:

• The Employee is required to read, review, prepare and analyze written data and figures, using a PC or similar, and should possess visual acuity.

• The Employee may be required to occasionally climb, push, stand, walk, reach, grasp, kneel, stoop, and/or perform repetitive motions.

• The Employee is not substantially exposed to adverse environmental conditions and; therefore, job functions are typically performed under conditions such as those found within general office or administrative work.