Senior Cloud Cyber Security Engineer - Remote

About The Position

Requirements

• Proven experience (5 years) in cloud security roles, with a strong understanding of cloud platforms and services (AWS, Azure, or GCP).
• Deep knowledge of cloud security best practices, cloud-native security tools, and cloud service provider security offerings.
• Experience with cloud security assessment tools, vulnerability scanning, and penetration testing techniques.
• Familiarity with cloud identity and access management (IAM) concepts and frameworks.
• Understanding of networking, encryption, and virtualization technologies as they relate to cloud security.
• Excellent analytical and problem-solving skills, with the ability to effectively assess and communicate cloud security risks.
• Strong written and verbal communication skills, with the ability to collaborate with cross-functional teams and provide security guidance.
• Cloud security controls: Identity and Access Management (IAM), Encryption, Network Security, Compliance, Logging and Monitoring, Vulnerability Management, Disaster Recovery and Business Continuity, Cloud Access Security Broker (CASB), and Multi-Factor Authentication (MFA).
• Knowledge of various technical frameworks and concepts (MITRE ATT&CK, CIS, Kill Chain, etc)
• Experience working in a highly regulated environment.
• Ability to express complex technical concepts in business terms.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Bachelors Degree + 5 years relevant experience may be accepted in lieu of degree
• No Degree + 7 years of relevant experience without a degree
• to have cloud cyber security experience

Responsibilities

• Design and implement secure cloud architectures, ensuring adherence to best practices and compliance requirements.
• Collaborate with cloud architects and DevOps teams to integrate security controls and mechanisms into cloud environments.
• Review and assess cloud infrastructure and service configurations to identify potential security risks and recommend necessary improvements.
• Conduct regular security assessments, including vulnerability scanning, penetration testing, and security audits of cloud resources and services.
• Identify and prioritize security vulnerabilities, misconfigurations, and compliance gaps, and provide recommendations for remediation.
• Assist in implementing and maintaining security testing tools and automation scripts for continuous security assessment.
• Develop and implement cloud-specific identity and access management (IAM) policies and controls to ensure appropriate access rights and permissions.
• Monitor and review IAM configurations, roles, and access policies to prevent unauthorized access and privilege escalation.
• Collaborate with identity teams to integrate cloud IAM with enterprise identity and access management systems.
• Implement and manage cloud security monitoring tools and solutions to detect and respond to security incidents in real-time.
• Establish incident response plans and processes specific to cloud environments, collaborating with incident response teams to investigate and mitigate cloud-related security incidents.
• Conduct post-incident analysis and implement measures to prevent similar incidents in the future.
• Ensure cloud infrastructure and services comply with relevant security standards, regulations, and industry frameworks (e.g., CIS, NIST, GDPR, etc.).
• Participate in security audits, assessments, and regulatory compliance activities, working with auditors to address findings and ensure compliance.
• Stay updated with evolving cloud security trends, emerging threats, and regulatory changes, and provide guidance on implementing necessary controls.
• Work with Governance team to conduct training and awareness programs for cloud users, developers, and stakeholders to promote secure cloud practices and awareness of cloud-specific security risks.
• Provide guidance and recommendations on secure cloud architecture, configurations, and deployment practices to development and operations teams.
• Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
• Regularly interact with all levels of management to present and discuss control effectiveness.
• Review and coordinate changes to cyber security policies, procedures, and standards.

Benefits

• Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to $10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down – $10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues may have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met