Cloud Security Engineer

Stefanini GroupDover, DE
Onsite

About The Position

Stefanini Group is hiring a Cloud Security Engineer in Dover, DE. This role requires a highly skilled and experienced cloud security professional with a deep understanding of securing cloud workloads, tools, and services. A strong preference would be given to candidates with prior Zero Trust Network Access (ZTNA) principles and a proven track record of implementing and managing secure cloud environments across multiple platforms. The ideal candidate will possess a strong combination of technical expertise and operational leadership. A candidate that brings strong experience in GCP cloud services to the state's multi-cloud program would be desired.

Requirements

  • Extensive experience in ZTNA engineering and automation.
  • Experience with Security Information and Event Management (SIEM).
  • Demonstrate an understanding of data classification standards and experience with data loss prevention (DLP) configurations.
  • Possess an understanding of endpoint security concepts and technologies.
  • Strong analytical and problem-solving skills are vital, along with the ability to think critically and strategically, anticipate security risks, and develop effective mitigation strategies.
  • Minimum of 7-10 years of experience in information security, with a focus on cloud security and ZTNA.
  • Significant experience with GCP, AWS, and/or Azure.
  • Demonstrated experience in implementing and managing ZTNA solutions.
  • Deep understanding of NIST 800-207 and Zero Trust Architecture best practices.
  • Hands-on experience with ZTNA technologies, particularly Zscaler.
  • In-depth knowledge of Google, Amazon, and Microsoft security services (e.g., IAM, security centers, firewalls, key management, logging, and monitoring tools).
  • Proficiency in implementing least privilege access controls, federation, single sign-on (SSO), and other IAM solutions.
  • Experience with scripting and automation tools such as Python, Terraform, CloudFormation, and Azure Resource Manager.
  • Experience with Security Orchestration, Automation and Response (SOAR) platforms.
  • Experience with SIEM logging and analysis.
  • Understanding of Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) concepts.
  • Working knowledge of current security policies, federal and state compliance regulations, and governance standards.
  • Experience with cloud-specific compliance frameworks like FedRAMP.
  • Extensive experience with network security concepts and technologies, including firewall management, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, routing and switching protocols, network traffic analysis, and network security tools (e.g., Wireshark, tcpdump).
  • Leadership and Communication skills.
  • Problem-Solving and Critical Thinking skills.

Nice To Haves

  • Prior Zero Trust Network Access (ZTNA) principles.
  • Proven track record of implementing and managing secure cloud environments across multiple platforms.
  • Strong experience in GCP cloud services.
  • Experience with Okta.
  • Experience with Network Access Control (NAC), DNS security, load balancers, and web application firewalls (WAFs).
  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
  • Relevant certifications (e.g., CISSP, CCSP, AWS Certified Security – Specialty, Google Cloud Certified Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate).

Responsibilities

  • Extensive experience in ZTNA engineering and automation, ensuring secure, scalable, and policy-driven access control.
  • Architecting and approving ZTNA configurations, implementing identity-aware segmentation, enforcing least privilege access policies, and leading the transition from traditional VPNs to ZTNA solutions.
  • Demonstrate a comprehensive understanding of cloud security platforms and Infrastructure as A service (IAAS) solution providers like Google, Amazon, and Microsoft.
  • In-depth knowledge of each provider's security services (e.g., IAM, security centers, firewalls, key management, logging, and monitoring tools), as well as the ability to design and implement secure cloud architecture.
  • Well-versed in cloud-native security controls, security posture management (CSPM) tools, and best practices for ensuring compliance with relevant security frameworks (NIST, ISO, SOC 2).
  • Working knowledge of IAM concepts and best practices, with specific experience in Okta preferred.
  • Proficient in implementing least privilege access controls, federation, single sign-on (SSO), and other IAM solutions across multiple cloud platforms.
  • Strong understanding of automation pipelines and experience with scripting and automation tools such as Python, Terraform, CloudFormation, and Azure Resource Manager.
  • Ability to automate security tasks and processes, as well as experience with Security Orchestration, Automation and Response (SOAR) platforms are highly desirable.
  • Experience with Security Information and Event Management (SIEM) logging and analysis is essential, along with an understanding of Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) concepts.
  • Capable of analyzing security logs and alerts, conducting threat hunting, and participating in incident response procedures and methodologies.
  • Working knowledge of current security policies, federal and state compliance regulations, and governance standards is necessary.
  • Implement security controls to meet compliance requirements and have experience with cloud-specific compliance frameworks like FedRAMP.
  • Demonstrate an understanding of data classification standards and experience with data loss prevention (DLP) configurations.
  • Deep understanding of modern networking standards, including Zero Trust principles, is crucial.
  • Extensive experience with network security concepts and technologies, including firewall management, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, routing and switching protocols, network traffic analysis, and network security tools (e.g., Wireshark, tcpdump).
  • Experience with Network Access Control (NAC), DNS security, load balancers, and web application firewalls (WAFs) is also highly desirable.
  • Possess an understanding of endpoint security concepts and technologies.
  • Strong analytical and problem-solving skills are vital, along with the ability to think critically and strategically, anticipate security risks, and develop effective mitigation strategies.
  • Lead and mentor junior security engineers, possess excellent communication and presentation skills, and effectively explain complex technical concepts to non-technical audiences.

Benefits

  • Bonuses or other incentives
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service