AWS Cloud Security Engineer

Role Overview

• Design, manage, support, and implement cloud security policies, services, and projects.
• Provide architectural security guidance in compliance with industry standards (HIPAA, NIST, CIS) for public cloud environments.
• Review and provide security-significant feedback on designs and proposed changes submitted by others within the organization.
• Frequently communicate and present technical data to audiences with varying levels of technical knowledge.
• Frequently communicate with and present to upper management.
• Manage cloud firewall, DLP, and vulnerability scanning technology.
• Support L1 in resolving cloud-security related issues and follow/improve documented Incident Response playbooks
• Research new technology and assist in proof-of-concept testing.
• Document security standards and processes.
• Work with other internal BMC Security / infrastructure teams to remediate vulnerabilities and other security issues.
• Contribute to design decisions for new technology or existing technology being used in a new way.
• Coordinate findings remediation of known vulnerabilities within the organization’s cloud presence.
• Assist in the education of the workforce on security topics through training and awareness opportunities.
• Provide less experienced security engineers with feedback and guidance on projects and skills development.

Requirements

• Bachelor’s degree in Computer Science, Engineering, or related discipline; equivalent experience acceptable
• CCSP, CISSP, CEH, Security+, or other security related certifications preferred
• 3+ years of experience managing information security in a public cloud environment (AWS, Azure, GCP)
• Strong, demonstrated AWS expertise required
• 4+ years of experience in information security
• 7+ years of experience in IT (information technology), preferentially with development, network, or systems administration experience
• Healthcare domain knowledge and working in regulated environments is a plus (HIPAA, HITRUST, SOC2, PCI-DSS)
• AWS Certifications, Architect Associate or Professional required.
• Expert-level knowledge of AWS GuardDuty, Security Hub, Macie, Inspector, Trusted Advisor
• Knowledge of Edge protection technologies such as AWS Shield, WAF, CloudFront
• Strong working understanding of Identity and Access Management (IAM) and SSO Integration via Active Directory (Azure AD / ADFS)
• Experience working in organizations with top level Control Tower or Landing Zone Accelerator (SCP’s, Guardrails, Config Rules, etc.)
• Experience with monitoring systems such as CloudWatch / VPC Flow Logs and other industry standard visibility platforms (Splunk, DataDog, Dynatrace, New Relic, etc.)
• Experience with Logging and log monitoring (CloudWatch and CloudTrail) both for security and compliance efforts
• Proficiency with one or more scripting languages (python, json, yaml, bash, etc.)
• Proficiency with Infrastructure as Code (IaC), including CloudFormation and/or Terraform
• Understanding of CI/CD on AWS platform
• Expert knowledge of AWS network and security features (VPC, Security Groups, NACLs, ALB/NLB, Transit Gateway, etc.)
• Experience supporting applications with native services and serverless architecture (Lambda) on AWS platform
• Strong understanding of high availability solutioning (multi-AZ / regions, Backup) and how security fits into this model
• Demonstrated history of moving mission-critical applications from the data center to AWS
• Ability to effectively adapt to rapidly changing technology and apply it to business needs.

Tech Stack

• AWS
• Azure
• Cloud
• Google Cloud Platform
• Python
• Splunk
• Terraform

Benefits

• health insurance
• dental insurance
• vision insurance
• generous total compensation
• paid time off
• career advancement opportunities