Role: Senior Cloud Security Engineer
Location: Hybrid – 3 days in office, 2 days remote
Contract Length: 3-month CFH
Responsibilities
High level brief skill requirements.
- Cloud Security Skills
- Cloud Security Risk Analysis
- Detection and Response Processes
- Cloud Security Posture Management Tools and Processes (CSPM) (Renamed)
- Strong AWS IAM Management
- Cloud Identity Entitlement Management Tools and Processes (CIEM) (New)
- Cloud Penetration Testing
- IaC Scanning
- Vulnerability Management and Mitigation
- AWS Cloud Trail and Splunk Queries
- Zero Trust Principals
- Cloud Disaster Recovery and Business Continuity (New)
- AWS Identity Center (New) Familiar with the AWS Serverless stack to assist with troubleshooting
- Lambda, API Gateway, Cloudfront, S3, Route 53 IaC Best Practices for standardized cloud infrastructure solutions
- Terraform HCL and managing solutions across 150+ accounts
- Python for scripting solutions and basic platform solutions using Lambda and containers
- Github and GitLab for IaC management and deployment pipeline creation
- AWS Organizations
- AWS Control Tower
- AWS Account Factory (New) Solutioning especially around AWS Network Services
- AWS Solutions Architect Associate (Preferred)
- Transit Gateway
- VPC Peering
- Security Groups
- Good understanding of basic networking Soft Skills
- Strong Communication both written and verbal
- Ability to drive and manage their own projects
- Ability to lead project and organize work and drive to conclusions
- Azure Experience as a Bonus
- College Degree not required but desirable
- A strong candidate would be expected to contribute to the vision of the FHR Cloud Infrastructure and Security team.
- "Enable FHR to utilize cloud technologies in which they are easily consumable, cost efficient, reliable, and secure so that FHR's cloud adoption provides FHR an advantage for enabling digital transformation. "
The Cloud Infrastructure and Security Team is responsible for:
- Cloud Security Operations
- Security Vulnerability Discovery and Remediation - Responsible for using CSPM, CIEM, security tools, security reviews, and any other means to find areas of cloud security risk for FHR. Create monitoring and alerting processes and set expectations with customers on how to remediate the cloud misconfigurations which put our applications at risk and other security vulnerabilities within a standard SLA. Responsible to analyze the situation to understand the real risk and communicate that with the stakeholders on what risk is recommended to accept and which risk should drive action. Prioritizes vulnerabilities so that higher risk findings are addressed first. Works with software engineers and product teams to ensure good software development practices are being used to deploy secure solutions. Responsible for recurring reporting of cloud security risks to IT directors.
- Workload Protection Services via Web Application Firewall Management - Responsible for the creation and deployment of standard WAF rules across our workloads. Monitoring traffic for effectiveness of security protection and to catch any potential false positives. Responsible for other protections for internet-facing workloads. Responsible for creating custom rules to ensure protection of workloads without creating disruption. Logging of requests to assist with troubleshooting and reporting. Escalation of security incidents with the security operations center.
- Remote Access Solutions - Design and implement remote access solutions for administration of cloud-based workloads. Automation and implementation of Zscaler ZPA or AWS Client VPN services. Work in coordination with our Cloud Operations team to fulfill these requests.
- Cloud Infrastructure Operations
- Cloud Infrastructure - Responsible for troubleshooting any cloud infrastructure issues with software engineers. Including connectivity issues, capacity, and performance issues. Responsible for ensuring ownership of the cloud infrastructure is defined well and all resources are owned.
- IAM Management Services - Creates and tests standard roles and policies for the company to use using least privilege principals. Monitors for overprivileged roles and works with customers to remediate the risk. Assists software engineers with IAM role and policy creation to ensure least privilege. Manages the roles and policies via Terraform deployed through a Gitlab pipeline to ensure standards are deployed consistently and enforced. Creates and tests new AWS service control policies. Deploys all changes using standard change control processes to reduce the risk of unplanned events.
- EC2 Management - Responsible for server creation automation which is used by the server management team. Escalation point for the server management team regarding cloud-specific EC2 and EBS issues. Knows the hybrid cloud networking design and assists with design changes and troubleshooting. Ensures that EC2s in our hybrid cloud environment are positioned for long-term success which enables the server team to manage them.
- Cloud Service Management - Responsible to review cloud services for security risks and supportability concerns. Will collaborate with customers to understand their needs and determine if a new service should be used or if existing reference architectures should be used. Will enable new cloud services by implementing new standards and reference architectures for the solution which ensures consistency and supportability.
- Application Cloud Infrastructure - Coordinates with software engineers and software architects to design and create solutions for applications in the cloud. To creating and maintaining standard solutions which can be deployed by software engineers. Assists software engineers and software architects with experimentation on new services.
- Cloud Financial Operations
- Operate our finops program that enables our software engineers and product teams to be cost efficient with our cloud spend. Discover cloud cost trends and anomalies and collaborate with product teams and software engineers to take corrective action. Create automation for remediation when necessary. Perform analysis on costs to understand if application design changes may be required or just small configuration changes are required to ultimately keep our workloads cost efficient. Provide rightsizing information for the cloud services with the most significant spend. e.g. compute and storage. Provide recurring executive level reports to ensure IT directors are seeing trends and how their teams are impacting the overall cloud cost spend.
Equal Opportunity Employer Minorities/Women/Veterans/Disabled
