Cloud Security Engineer | Cyber

Popular Inc
San Juan, PR
45d
Hybrid

About The Position

Works closely with internal software development teams and contractors to embed security and compliance into software applications and Infrastructure as Code (IaC) deployments. The primary goal is to streamline and align security processes across the Secure Software Development Lifecycle (SSDLC).

Requirements

  • Proficiency in programming languages such as .NET, C#, Java, and JavaScript, along with secure coding best practices.
  • Expertise in web API, web service, and web application security using risk-based approaches.
  • Experience with REST, SOAP, or gRPC protocols.
  • Hands-on experience with CI/CD tools like GitLab, Jenkins, Nexus, Harness, and Artifactory.
  • Familiarity with IaC and policy-as-code tools such as Terraform and Sentinel policies.
  • Advanced knowledge of application security testing tools covering SAST, DAST, IAST, and SCA categories, including Burp Suite, AppScan, Veracode, Qualys WAS, HP WebInspect, Checkmarx, WhiteSource, DevTools, Fiddler, OWASP ZAP, Metasploit, BeEF, and SQLMap.
  • Strong experience in integrating security controls within the Software Development Lifecycle (SDLC).
  • Understanding of encryption, hashing, key management, and secret management.
  • Knowledge of authentication and authorization mechanisms including Active Directory (LDAP and NTLM), OAuth, OpenID Connect, SAML, and JSON Web Tokens.
  • Bachelor's degree in Business Administration, Computer Sciences, Computer Engineering, Information Systems or related fields.
  • Ten (10+) years of proven, combined, progressive experience in software development and security in a complex technological environment.
  • Strong business acumen: ability to understand the needs and concerns of business stakeholders and colleagues and respond promptly and effectively to stakeholder requests. An ability to conduct analysis of work procedures and business results and recommend changes to improve the effectiveness of the business' management.
  • Strong technical acumen: knowledge of Software Development, Cyber Security, Information Security, and Information Technology concepts. Strong knowledge of processes, controls, efficiency metrics and reporting concepts. Ability to write technical instructions using programs and technology. Robust knowledge of applicable local and federal laws, regulations, and guidelines.
  • Communication skills: effectively interacts with internal and external stakeholders. Ability to foster trusting relationships with colleagues and clients. Highly developed written and verbal communication skills in English. Presents numerical data effectively. Superior communication and interpersonal skills. Excellent report-writing and presentation skills. Polished in preparing presentations, executive summaries, and business reports in English for executive audiences.
  • Analytical skills: Stays focused on main issues and prevents irrelevant issues or distractions from interfering with timely completion of assignments. Collects, researches, and complements data; synthesizes complex or diverse information. Demonstrates attention to detail; applies design principles; generates creative solutions. Strong quantitative, research, and analytical skills. Experience with data analysis, persuasive and informative writing, workload management, and process management.
  • Problem Solving: Identifies and resolves problems in a timely manner; Develops alternative solutions.
  • Project Management: Ability to prioritize and work with multiple projects and tasks with minimum supervision; self-direct and task switch between strategic and tactical initiatives regularly. Capacity to achieve results according to plan ensuring the expected quality. Excellent organization capacity to define priorities, meet deadlines, and flexible to change. Knowledge of project coordination, identification of business needs, work plan, budget control, time management, resource allocation, team management and status reports. Must demonstrate leadership, logic, and reasoning skills. Strong understanding of Agile methodologies, particularly Scrum or Kanban.
  • Operational/Regulations Processes: Knowledge of budget administration, resources allocation, organization's policies, and regulations. Ability to establish, conduct and track operational processes properly.
  • Computer and Technological Skills: Proficient in MSO 365. Experience with data management tools such as: Power Pivot and Power BI, among others, is desired.

Nice To Haves

  • Practical knowledge of automating security controls within CI/CD pipelines is considered a plus.
  • Familiarity with secure development frameworks and best practices such as OWASP, STRIDE, OCTAVE, BSIMM, and OpenSAMM.
  • Certifications are highly desirable but not required:
      • AWS DevOps Engineer and Microsoft AZ-400.
      • Security certifications such as CISSP, CISM, CGEIT, GSEC, CASP+, CRISC, and CCSP.
  • Ability to achieve results by providing innovative ways of working with operational and technological considerations.

Responsibilities

  • Ensure applications and software comply with legal, regulatory, and internal security standards.
  • Collaborate with developers and DevOps engineers to implement security standards and benchmarks.
  • Foster a culture of secure coding by building relationships with software architects and engineers.
  • Develop and integrate secure design patterns, coding standards, and training into the development workflow.
  • Implement and automate comprehensive application security testing, including code review, architecture review, threat modeling, and penetration testing.
  • Other duties as requested

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Credit Intermediation and Related Activities

Number of Employees

5,001-10,000 employees
