- Permanent
- $150000k/year - $180000k/year
2Bridge has been engaged in the search for a Cloud Security Engineer to join their client, a top wealth management firm!
They offer a comprehensive package including medical, dental, and vision plans along with a flexible spending account (FSA). 401(k) retirement savings plan, long and short-term disability and life insurance coverage, Paid time off, legal plan, paid parental leave.
The cloud security engineer reports to the Co-CISO and helps architect, deploy and operate a secure cloud application infrastructure. The position is responsible for supporting operational innovation and providing security direction to elevate the company’s security posture.
Responsibilities:
- Develop and maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
· Secure business applications and computing environments across public, private, or hybrid cloud infrastructures.
- Protect business applications in compliance with privacy, security, business resiliency, and compliance frameworks as defined in corporate policies.
· Maintain a consistent, secure environment using configuration management solutions (e.g., Puppet, Chef, Ansible, etc.).
- Ensure rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
· Deploy strong identity and access management (IDAM) controls across applications and computing environments.
- Assist with the development, maintenance, and utilization of scripts (e.g., Python, Ruby, etc.) to support custom extract, transform load (ETL) tools with a security focus for data flow.
· Attend regular technical project and implementation meetings, and serve as the security consultant to help guide secure application and infrastructure configurations.
- Actively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats posing risks to cloud computing environments.
· Manage remediation efforts after security assessment findings outline weaknesses requiring attention.
Requirements:
- A minimum of 2-3+ years exposure with Amazon Web Services (AWS), Microsoft Azure or VMware. Strong background in windows/Linux OS.
· Experienced in cloud networking architecture and cloud operations, with cloud access security broker (CASB) experience preferred.
- Familiarity with tools such as Git, Jenkins, Chef, Puppet, and Salt.
· Network and encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP, and public key infrastructure (PKI).
- IDAM experience, including OAuth and OpenID.
· Familiarity with security solutions (e.g., Twistlock, Aqua Security), as well as tools such as Docker, Kubernetes, and AWS CloudTrail.
- Experience with scripting languages such as Python, Ruby, PowerShell, and JavaScript.
· Experienced in the use of threat intelligence services in a production environment.
- Experience and understanding of various regulatory requirements and laws, including but not limited to the Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following: ISO 27001/2, ITIL or NIST.
· Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management, and hardening guidelines.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
· Team leadership experience to help with the organizational and team dynamics in a growing field.