Cloud Security Engineer

Responsibilities encompass collaborating with other DevOps and SysOps teams to transition public facing, on-premise applications to the cloud; securing the configuration management of the cloud infrastructure; mitigating risks, and applying security controls to improve visibility and diagnostics in compliance with Federal requirements and security best practices.

Develop and deploy infrastructure as code (IaC) scripts to implement and optimize security controls and mechanisms of a cloud infrastructure.

Act as the subject matter expert for cloud security and tools such as Security Information and Event Management (SIEM), access control mechanisms, Intrusion Detection and Intrusion Prevention Systems (IDS/IPS).

Monitor cloud infrastructure and pro-actively mitigate potential incidents before service degradation occurs.

Provide guidance to the DevOps teams developing on public cloud platforms, advising on security standards for cloud deployment, and working to identify common patterns for template provisioning.

Conduct assessments of security controls for new and existing cloud systems; create and maintain as-built system documentation, architecture diagrams, and online collaborative documentation.

Determine security modes of operation and recommend new or revised security measures and countermeasures for current security challenges.

Collaborate with team members to continue to evolve and implement a state-of-the-art secure cloud infrastructure.

Requires bachelor's degree in computer science, cyber security, engineering, or a related technical field plus 7 years of related experience with 5 years being in cloud system administration and systems security administration. Additional experience can be substituted for a degree.

Experience designing and implementing an enterprise-wide cloud security architecture.

Proficiency with SIEM and vulnerability management solutions.

Experience using common networking tools to aid in troubleshooting, including nmap, Wireshark, tcpdump, etc.

Proficiency in one or more scripting languages: Python, Perl, PowerShell, or Bash.

Proficiency with TCP/IP/UDP ports and protocols, IDS/IPS, Network Access Control List (NACL), Access Control Lists (ACL), and Security Group (SG) applications.

Demonstrated ability to effectively communicate orally and in writing.

Experience supporting a nationwide mid to large Federal agency enterprise is a plus.

CISSP certification required.

AWS Certified Security - Specialty, ISC2, or Cloud Security Alliance certifications desired.

Must be able to obtain Level 2 Secret (ANACI) clearance. Cloud Security Engineer