Sentara HealthRemote
Senior Cloud Cyber Security Engineer - Remote
United States of America
Full Time
1 week ago
H1B Sponsor Likely
Key skills
ExpressAWSAzureGCPIAMCommunicationPenetration TestingNetwork SecurityCloud Security
About this role
Sentara Health is seeking to hire a qualified individual to join our team as a Senior Cloud Cyber Security Engineer - Remote. This role involves designing secure cloud architectures, conducting security assessments, and implementing identity and access management policies to ensure compliance and security in cloud environments.
Responsibilities:
- Design and implement secure cloud architectures, ensuring adherence to best practices and compliance requirements
- Collaborate with cloud architects and DevOps teams to integrate security controls and mechanisms into cloud environments
- Review and assess cloud infrastructure and service configurations to identify potential security risks and recommend necessary improvements
- Conduct regular security assessments, including vulnerability scanning, penetration testing, and security audits of cloud resources and services
- Identify and prioritize security vulnerabilities, misconfigurations, and compliance gaps, and provide recommendations for remediation
- Assist in implementing and maintaining security testing tools and automation scripts for continuous security assessment
- Develop and implement cloud-specific identity and access management (IAM) policies and controls to ensure appropriate access rights and permissions
- Monitor and review IAM configurations, roles, and access policies to prevent unauthorized access and privilege escalation
- Collaborate with identity teams to integrate cloud IAM with enterprise identity and access management systems
- Implement and manage cloud security monitoring tools and solutions to detect and respond to security incidents in real-time
- Establish incident response plans and processes specific to cloud environments, collaborating with incident response teams to investigate and mitigate cloud-related security incidents
- Conduct post-incident analysis and implement measures to prevent similar incidents in the future
- Ensure cloud infrastructure and services comply with relevant security standards, regulations, and industry frameworks (e.g., CIS, NIST, GDPR, etc.)
- Participate in security audits, assessments, and regulatory compliance activities, working with auditors to address findings and ensure compliance
- Stay updated with evolving cloud security trends, emerging threats, and regulatory changes, and provide guidance on implementing necessary controls
- Work with Governance team to conduct training and awareness programs for cloud users, developers, and stakeholders to promote secure cloud practices and awareness of cloud-specific security risks
- Provide guidance and recommendations on secure cloud architecture, configurations, and deployment practices to development and operations teams
Requirements:
- Proven experience (5 years) in cloud security roles, with a strong understanding of cloud platforms and services (AWS, Azure, or GCP)
- Deep knowledge of cloud security best practices, cloud-native security tools, and cloud service provider security offerings
- Experience with cloud security assessment tools, vulnerability scanning, and penetration testing techniques
- Familiarity with cloud identity and access management (IAM) concepts and frameworks
- Understanding of networking, encryption, and virtualization technologies as they relate to cloud security
- Excellent analytical and problem-solving skills, with the ability to effectively assess and communicate cloud security risks
- Strong written and verbal communication skills, with the ability to collaborate with cross-functional teams and provide security guidance
- Cloud security controls: Identity and Access Management (IAM), Encryption, Network Security, Compliance, Logging and Monitoring, Vulnerability Management, Disaster Recovery and Business Continuity, Cloud Access Security Broker (CASB), and Multi-Factor Authentication (MFA)
- Knowledge of various technical frameworks and concepts (MITRE ATT&CK, CIS, Kill Chain, etc)
- Experience working in a highly regulated environment
- Ability to express complex technical concepts in business terms
- Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently
- Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change
- Regularly interact with all levels of management to present and discuss control effectiveness
- Review and coordinate changes to cyber security policies, procedures, and standards
- Bachelors Degree + 5 years relevant experience may be accepted in lieu of degree
- No Degree + 7 years of relevant experience without a degree
- Required to have cloud cyber security experience