4 days per week onsite in Downtown NYC
Cloud Security Engineer
Permanent role - 160K base salary + benefits
Role Summary
*This position is highly technical.
The Cloud Security Engineer is responsible for testing, installing, configuring, and maintaining security solutions/tools as well as monitoring infrastructure (networks and systems) for unusual activity, security breaches, and/or intrusions. This individual will work closely with client teams on the implementation, maintenance, and administration of security tools. Additionally, Cloud Security Engineers communicate findings, incidents, and concerns to relevant team members and leadership in a timely manner and work with teams to address and remediate those findings and concerns.
Responsibilities
- Standardizing Azure Security best practices, processes, and procedures
- Working with team members to develop and document security standards and policies that align with HITRUST
- Finding gaps in the current cloud security posture and assisting with finding, installing, configuring, and operating new security products and procedures.
- Deploying, troubleshooting, maintaining, and administering security solutions, such as endpoint protection (CrowdStrike), SIEMs (CrowdStrike), vulnerability management solutions (Rapid7), email security gateways (Mimecast), and event logging solutions
- Extensive knowledge of DLP solutions and experience implementing them in our systems
- Conducting vulnerability scans of environments and remediation of vulnerabilities
- Undertaking system and infrastructure hardening efforts per standardized benchmarks (e.g., NIST standards, HITRUST).
- Installation and configuration of solutions that monitor for and notify when unusual behavior is detected.
- Monitoring infrastructure for security breaches or intrusions (via security tools and solutions).
- Monitoring for irregular system behavior.
- Ensuring detailed, timely, and accurate information regarding security concerns, security findings, and incidents.
- Investigations into how incidents and/or breaches occur as a member of the incident response team.
- Participation in security tabletop exercises.
- Helping maintain information security strategy.
- Recommending modifications with regard to legal, technical, and regulatory areas.
Required Skills/Competencies
- 5-10 years' experience in Information Security and Engineering.
- Strong foundational knowledge across Microsoft Azure Cloud technology stack
- Experience with IaaS and PaaS solutions
- Strong IAM experience
- Strong Azure environment experience
- Strong O365 experience
- A strong background in both data / information security and system engineering.
- Possession of both deep and wide expertise in the cloud security space.
- Experience deploying, troubleshooting, integrating with, managing, and maintaining cloud security solutions (Email security gateways, network security tools, SIEMs, Antivirus/EPP technologies, etc.).
- Experience monitoring infrastructure and systems for security breaches or intrusions and working with SOC team to remediate
- Familiarity with regulatory requirements (HITRUST, HIPAA, SOC2, etc.).
- Experience with third-party cloud-based penetration testing
- Deep understanding of security practices of Windows server operating systems
- Experience in some specific industry verticals (Healthcare) is helpful.
- Excellent communication skills, both written and verbal.
- Documentation of security tools, deployment configuration, incident reports, etc.
- Communication with client teams on the above as well as clear explanation of concerns, findings, and incidents.
- Availability to work nights and weekends during (un)planned outages and other special circumstances, with 24/7 accountability.
- Availability to enter on-call rotation.
- Ability to lift 50 lbs.