Humana Inc. is a leading U.S. healthcare company dedicated to improving health outcomes for millions. They are seeking a Senior Cloud Security Engineer to ensure cybersecurity policies are effectively deployed in cloud environments, automating security controls to mitigate risks and enhance compliance.
Responsibilities:
- Deploy and provide operational support for hierarchical NGFW policies in GCP using security tags, and automate configurations using Terraform and DevOps principles
- Manage and troubleshoot Azure Network Security Groups (NSGs) at scale, using Terraform to automate deployment, updates, and scaling of security rules across multiple environments, ensuring continuous network protection and performance
- Ensure all infrastructure changes are deployed through CI/CD pipelines using Terraform modules, following best practices for DevSecOps
- Develop and implement security policies, standards, and procedures for cloud-based applications and infrastructure employing Prisma Cloud's comprehensive security solutions, including Workload Protection (Compute), Cloud Security Posture Management (CSPM), and Code Security modules
- Integrate robust code security measures and scanning capabilities into CI/CD pipelines and other cloud workflows using IaC
- Implement and manage enterprise security policies using Prisma CSPM's advanced capabilities, including preventive guardrails and automated remediations, to ensure proactive measures are in place
- Leverage IaC and CI/CD to seamlessly deploy, patch, and upgrade Prisma Cloud and cloud-based security systems
- Configure vulnerability items, misconfigurations, and other alerts in Prisma Cloud, actively assisting stakeholders with timely remediation efforts
- Assist the SOC and Cyber Defense & Response Team during security incidents, involving timely configuration changes to Prisma and frequent participation on major incident bridges
- Manage user access in Prisma portal based on least privilege roles, and provide operations training and support, as needed
- Participate in a 24/7 on-call rotation to ensure rapid incident response, maintaining operational integrity and minimizing downtime across enterprise systems
Requirements:
- Bachelor's Degree in Computer Science, Information Technology, Cybersecurity or related field
- 7+ years of experience supporting and implementing multi-cloud security solutions with a focus on GCP and Azure, including configuration, deployment, troubleshooting, and ongoing maintenance
- 3+ years of direct, hands-on experience with GCP network access control and Azure NSGs, leveraging IaC automation (Terraform) for efficient and secure cloud operations
- Proficiency in deploying and managing NGFW policies using security tags and hierarchical firewall rules within GCP
- Strong ability to manage and troubleshoot Azure NSGs, leveraging Terraform for automation and scaling
- Experience implementing security policies via IaC using Terraform and managing deployments through Azure DevOps (ADO) and GitHub Actions
- Expertise in DevSecOps and shift-left principles, actively ensuring security risks and misconfigurations are addressed early in the development process
- Ability to work in a 24x7 on-call rotation, triage incidents, and participate in incident bridges with senior leadership teams (SLT)
- Proven experience in incident response and security operations, including assisting the SOC during critical events
- Capable of providing training and guidance to team members on cloud security best practices
- Certification in Prisma Certified Cloud Security Engineer (PCCSE) and/or Palo Alto Networks Systems Engineer—Prisma Cloud Associate desired
- Additional certifications such as CISSP, CCSP, Security+, or relevant tracks for Azure and GCP
- Advanced experience with Terraform and managing large-scale IaC automation through CI/CD pipelines
- Experience implementing and managing Policy as Code (PaC) in cloud environments, including Azure Policy, GCP Organizational Policy, or HashiCorp Sentinel
- Familiarity with Agile methodology, including Scrum and Kanban frameworks
- Proficiency with scripting languages such as PowerShell, Python, YAML, and Bash
- Experience troubleshooting Linux environments using tools like cURL, tcpdump, netstat, etc