Cyber Cloud Engineer II

About The Position

Requirements

• Minimum experience 3 to 5 years of dedicated, hands-on experience in a cloud security engineering role
• Cloud Platforms: Deep technical expertise in at least one major cloud provider required: AWS: IAM, VPC, EC2, S3, Lambda, GuardDuty, Security Hub, AWS WAF, KMS Azure: Entra ID (Azure AD), Virtual Networks, NSGs, Key Vault, Sentinel, Azure Policy GCP: IAM, VPC, Cloud Armor, Security Command Center, Key Management Service
• Demonstrable proficiency with Terraform or CloudFormation required
• Strong scripting skills in Python, PowerShell, or Bash for security automation required
• In-depth knowledge of TCP/IP, DNS, HTTP/S, TLS/SSL, and routing protocols. Proven ability to secure complex cloud network topologies required
• Advanced administration and hardening skills for Linux (e.g., Ubuntu, RHEL) and Windows Server required
• Experience writing queries and developing correlation rules in Splunk, ELK Stack, or Azure Sentinel required
• Knowledge of defense-in-depth security architectures using cloud-native services
• Hands-on experience securing containerized environments (Docker) and orchestration platforms (Kubernetes, EKS, AKS, GKE). Knowledge of pod security policies, network policies, and tools like Falco or Aqua Security (preferred)
• Minimum Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
• Certification/License: Advanced security or cloud certifications are highly preferred(i.e. CISSP, CCSP, AWS Certified Security)

Nice To Haves

• Strong understanding of cryptographic principles, Public Key Infrastructure (PKI), and key management systems (KMS, HSM) (preferred)
• Experience implementing Data Loss Prevention (DLP) controls and architecting data-at-rest and data-in-transit encryption strategies in the cloud (preferred)

Responsibilities

• Configure network security controls such as Virtual Private Clouds (VPCs), subnets, Network Access Control Lists (NACLs), Security Groups/Network Security Groups (NSGs), and Web Application Firewalls (WAFs) (1)
• Configure and tune security monitoring tools, including SIEM, Cloud Workload Protection Platforms (CWPP), and cloud-native services (AWS GuardDuty, Azure Sentinel)
• Utilize tools like AWS Config, Azure Policy, and Cloud Security Posture Management (CSPM) solutions to ensure continuous compliance
• Automate the implementation and auditing of security controls against industry frameworks like NIST, CIS Benchmarks, SOC 2, and ISO 27001
• Develop and maintain Infrastructure as Code (IaC) templates using Terraform or CloudFormation to enforce security standards at deployment
• Execute automated and manual vulnerability scans using tools like Qualys, Tenable.io, or cloud-native scanners (e.g., AWS Inspector, Azure Defender for Cloud)
• Prioritize findings and drive remediation efforts with development teams
• Act as a technical contact for cloud security incidents
• Perform deep-dive log analysis using SIEM platforms (Splunk, Azure Sentinel) and cloud-native logging (CloudWatch, CloudTrail)
• Conduct digital forensics and root cause analysis (RCA) on cloud workloads and services
• Automate the implementation and auditing of security controls against industry frameworks like NIST, CIS, Benchmarks, SOC 2, and ISO 27001
• Develop custom detection rules based on threat intelligence and anomalous behavior patterns found in VPC flow logs, DNS queries, and API call data
• Write scripts in Python (using Boto3/azure-sdk), PowerShell, or Bash to automate security tasks, such as incident response playbooks and compliance checks

Benefits

• Traditional medical, dental, and vision coverage
• 401K matching up to 5% per pay period
• Accrue up to 17 days of Paid Time Off your first year of employment
• 11 paid federal holidays
• Special employee pricing on lending products such as mortgage, auto, and personal loans (eligibility for special employee pricing is subject to standard account requirements and underwriting criteria)