100% REMOTE EVEN AFTER COVID!!!
Our direct client is looking for a REMOTE " Mid OR Senior Level Security Engineer" for a PERMANENT HIRE ROLE.
*** NO Sponsorship Available ***
Client is based in Central Time Zone (Overland Park, Kansas)
You will be working 100% REMOTE, for a Large, Fortune 1000 company who has all the latest and greatest tools and technology, PLUS, working with a GREAT boss!!
Working on a huge, Transformation Project!
Client is looking for AWS OR Azure exp
Mid or Senior level Security CLOUD Engineer
Architect or Engineer
Client's team is learning and need someone with exp who can jumpstart the program.and help elevate the overall team's Cloud Knowledge
Responsible for the development and maintenance of security solutions and guardrails for infrastructure and applications running in cloud instances, focusing primarily on Amazon Web Services (AWS) and supporting CI/CD pipelines. This position works with business and IT leadership to define and recommend security solutions that meet enterprise standards, and then provides hands-on delivery of those solutions.
** (DOES NOT NEED TO HAVE ALL THE SKILLS BELOW) ***
** Client will consider someone without Cloud Exp **
Experience with AWS OR Azure security toolsets: Identity Access Management, Key Management, Security Groups, Network ACLs, Service Control Policies, CloudFormation, GuardDuty, Config, etc.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Provide cloud and software architecture security guidance, including developing threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
- Work with information security, technology, and business leadership to develop and implement strategies to enforce security requirements and address risks for workloads deployed in cloud services and their supporting CI/CD pipelines.
- Coordinate, develop, and communicate information security standards and documentation for cloud services and supporting CI/CD pipelines.
- Support the planning and execution of the application security testing and evaluation program with possibility to mentor peer team members
- Perform periodic quality assurance to ensure that system, network, and application configurations meet security standards.
- Report to management concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
- Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to business system analysis and communication, facilitation and consensus building.
- Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.
- Play a senior advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
- Lead members of the information security team in working with IT to identify, select and implement technical controls.
- Actively coach and mentor others, is openly considered a mentor by other team members.
- May act as a team lead for key areas of expertise and drive key projects or ongoing operational functions.
MINIMUM REQUIREMENTS (DOES NOT NEED TO HAVE CLOUD, BUT: PREFERRED)
- Minimum of five (5) years' IT or network security experience.
- Bachelor's degree in information systems or equivalent work experience.
- Extensive knowledge and hands-on experience working with Amazon Web Services and related security technologies from ideation to finished production product.
- Experience and understanding of CI/CD pipelines, Infrastructure as Code, Automation, and Orchestration.
- Excellent technical knowledge of security technologies, such as application/pipeline security, network security, monitoring, incident response, identity and access management systems, anti-malware solutions, and automated policy compliance tools.
- Hands-on experience evaluating the security of applications using both manual and automated techniques.
- Experience making and defending sound technical arguments that incorporate relevant technical and business considerations, and building consensus among stakeholders.
- Knowledge/hands-on experience in implementing DevSecOps (enabling security in DevOps).
- Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
PREFERRED QUALIFICATIONS (PLUS ONLY)
- Advanced degree in information security, network security or IT security a plus.
- CCSK, CCSP, or other cloud specific security certifications preferred.
- Container experience with Docker and Kubernetes is a plus.