Walker & Dunlop is one of the largest providers of capital to the commercial real estate industry. As a Senior Cloud and Software Development Security Engineer, you will secure the company’s cloud and application environments, design security architectures, and mentor teammates while ensuring compliance and fostering a culture of security by design.
Responsibilities:
- Lead and manage security projects
- Assess, design, and document security solutions and processes for Amazon Web Service (AWS) and Azure
- Direct tasks and develop milestones for Information Security projects in support of Information Security goals in line with the Company's direction
- Work with software developers on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built-in application security controls
- Work with key areas of business and IT to develop baseline network, cloud, container, and application security standards and integrate into the CI/CD pipeline
- Implement and automate “security as code” using cloud services and CI/CD components as necessary
- Design security architecture, methods, and controls required to meet security, compliance, and audit requirements
- Develop, review, and update a library of technical documentation
- Develop metrics and provide regular reports to senior management
- Set requirements and direct managed security service providers (MSSPs) to ensure that they are appropriately managing the services to provide security to the company
- Perform regular security audits and automated compliance checks on AWS and Azure resources
- Collaborate with SRE and development teams to ensure secure coding, build, and deployment practices
- Work closely with DevOps, SREs, and developers to champion a "security by design" culture
- Participate in security audits and formulate a plan of action and milestones to mitigate vulnerabilities
- Establish security baselines using best practices such as CIS benchmarks. Work with other teams to test and implement security baselines into cloud environments
- Maintain thorough understanding of new developments and techniques in cybersecurity, privacy, and compliance
- Represent Information Security in disaster recovery procedures and exercises
- In the event of an outage, assist with the execution of corporate disaster recovery plan
- Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status
- Work within established configuration and change management policies to ensure awareness, approval, and success of changes introduced to the network and cloud infrastructure
- Establish processes to perform regular reviews of security configurations of cloud and software development environments
- Develop vulnerability management processes and manage the process to remediate the vulnerabilities. Establish a process to escalate when vulnerabilities cannot be remediated in a timely manner
- Review security notifications from the company’s vendors to determine which vulnerabilities would cause an impact
- Assist in developing and enforcing data governance policies, data classification standards, and compliance workflows (e.g., GDPR, HIPAA, SOC 2)
- Provide 24/7 on-call support for security incidents related to network systems and infrastructure
- Perform other duties as assigned
Requirements:
- Bachelor's degree in computer science, information security, or related field, or equivalent professional experience
- 5+ years of experience in security engineering, DevSecOps, or cloud security
- Significant technical experience in AWS and Azure cloud computing technologies and automation (HashiCorp, Terraform, GitLab, JIRA, etc.)
- Experience in DevOps environments working with and influencing developers to maintain security through CI/CD processes
- Proficient and up to date with Azure and AWS
- Hands on experience with Azure Resource Manager, AWS CloudTrail, AWS IAM, AWS Security Hub, AWS Control Tower
- Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
- Knowledge of network based, system level, and application layer attacks and mitigation methods
- Experience extracting pertinent security data from SIEM solutions, audit logs, and reports
- Knowledge of technical security control environments and compliance frameworks including NIST Cloud Security Frameworks, CSA CCM, ISO 27017
- Extensive knowledge of cloud environments including security, configuration, and management
- Possess strong analytical skills and an ability to identify complex issues
- Possess strong interpersonal, organizational, customer service, and communication skills and an ability to interact effectively with a wide range of users of varying levels of technological expertise
- Must have documentable knowledge of cloud architecture, networks, security, network planning, and analysis
- Demonstrated experience implementing security policies and procedures
- Must work well within a deadline-driven environment
- Ability to show ownership of your work, take on challenges and acknowledge growth opportunities, and demonstrate patience when learning new processes
- Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders
- Industry certifications (e.g., CISSP, CCSP, AWS/Azure Security Specialty) preferred