Tillman Fiber is seeking a highly skilled Security Engineer with extensive experience in cloud security, particularly within AWS and MS365. The role involves designing, implementing, and managing security measures to protect the AWS & MS environment and ensure the integrity, confidentiality, and availability of data and systems.
Responsibilities:
- AWS Security Architecture: Design and implement robust security architectures and controls within AWS environments, ensuring compliance with best practices and organizational policies
- Security Monitoring & Incident Response: Deploy and manage security monitoring tools like CrowdStrike and Coro/Mimecast to detect, investigate, and respond to security incidents and vulnerabilities in real-time
- Identity & Access Management (IAM): Develop and manage AWS IAM policies, roles, and access controls to enforce least privilege and secure access to AWS resources
- Threat Detection & Vulnerability Management: Implement and maintain advanced threat detection and vulnerability management strategies within the AWS & MS environments, utilizing tools such as CrowdStrike, Coro, MS Defender and GuardDuty
- Compliance & Risk Management: Ensure AWS & MS environments comply with relevant security standards and regulations (e.g., ISO 27001, NIST, GDPR) and manage risk assessments and audits
- SIEM: Perform daily system monitoring and review log data, build searches, check alarms, drill down through log sources, and identify event logs
- Collaboration: Work closely with DevOps, engineering, and IT teams to integrate security best practices into the software development lifecycle (SDLC) and operational workflows
- Monitoring and Analysis: Constantly monitor networks and systems for suspicious activity, security breaches, and potential vulnerabilities
- Incident Response: Investigate security incidents, analyze their impact, and take necessary actions to contain and resolve the issue
- Vulnerability Assessment and Penetration Testing: Identify weaknesses in systems and networks through vulnerability scans and penetration tests and then recommend solutions to mitigate these risks
- Security Policy and Implementation: Contribute to the development and implementation of security policies, procedures, and standards to protect sensitive information
- Security Awareness Training: Educate employees and users about security best practices, helping to prevent human error-related security breaches
- Security Audits and Compliance: Conduct regular security audits to ensure compliance with relevant regulations and standards
Requirements:
- Extensive experience in cloud security, particularly within AWS and MS365
- At least 5 years of AWS security experience
- Proficient with security tools such as CrowdStrike, Coro Security or similar email security platforms, KnowBe4 and Microsoft
- Design and implement robust security architectures and controls within AWS environments
- Deploy and manage security monitoring tools like CrowdStrike and Coro/Mimecast
- Develop and manage AWS IAM policies, roles, and access controls
- Implement and maintain advanced threat detection and vulnerability management strategies
- Ensure AWS & MS environments comply with relevant security standards and regulations (e.g., ISO 27001, NIST, GDPR)
- Perform daily system monitoring and review log data
- Work closely with DevOps, engineering, and IT teams to integrate security best practices
- Constantly monitor networks and systems for suspicious activity, security breaches, and potential vulnerabilities
- Investigate security incidents, analyze their impact, and take necessary actions
- Identify weaknesses in systems and networks through vulnerability scans and penetration tests
- Contribute to the development and implementation of security policies, procedures, and standards
- Educate employees and users about security best practices
- Conduct regular security audits to ensure compliance with relevant regulations and standards
- Strong knowledge of networking, operating systems, security technologies (firewalls, intrusion detection systems, etc.), and security protocols
- Ability to analyze security logs, network traffic, and other data to identify potential threats
- Ability to identify, analyze, and resolve security incidents and vulnerabilities
- Ability to communicate security risks and recommendations effectively to both technical and non-technical audiences
- Industry certifications like CISSP, Security+, or CEH can be beneficial