Sr Cloud Security Engineer/Analyst - Exposure Management

About The Position

Requirements

• Bachelor's degree in Information Technology, Telecommunications, or Engineering is preferred or related work experience.
• 5+ years of experience in cybersecurity as a practitioner and at least 2+ years of exposure with one of the following: Amazon Web Services (AWS) or Microsoft Azure.
• Knowledgeable of security principles for Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
• Knowledge and understanding of misconfiguration and vulnerabilities of cloud-native applications and infrastructure.
• Experience in security operations, especially in security configuration management of cloud-native applications and infrastructure.
• Experience in the deployment, configuration, and/or operation of cloud security tools is considered a plus.
• Ability to work as an individual and within a fast-paced, collaborative environment.
• Familiarity with DevSecOps methodology and Agile frameworks.
• Strong written and verbal communication skills since you will be required to frequently interact with business and technical stakeholders.
• Ability to apply critical thinking, analyze scenarios, consider other perspectives, factors, and dependencies to ensure an effective tactical and strategic direction to address complex problems.
• Working knowledge of various industry compliance standards, regulatory requirements and laws including but not limited to: Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-Leach-Bliley Act (GLBA), ISO 27001/2, ITIL or NIST.

Responsibilities

• Partner with business, technology, and security teams to maintain and enhance the firm's cloud security capabilities for cloud-native applications and infrastructure.
• Partner with security teams to identify misconfigurations and vulnerabilities, assess security risk, recommend priority, and recommend mitigations to maintain the security posture of the firm.
• Assist security teams by providing data and analysis of the security posture of cloud-native applications and infrastructures.
• Participate in the reviews of vendor capability demonstrations, proof-of-concept testing, and vendor contract negotiation.
• Stay apprised of current and proposed changes impacting regulatory, privacy, and security for cloud-native applications and infrastructure.
• Apply learned knowledge across key lines of business, including products, practices, and procedures.
• Develop and improve key metrics for demonstrating the effectiveness of the program.
• Analyze misconfigurations and vulnerabilities to determine security risk and priority.

Benefits

• Medical and prescription drug coverage
• Dental and vision insurance
• Voluntary benefits (such as accident, hospital indemnity, and critical illness)
• Short- and long-term disability coverage
• Basic life and basic AD&D coverage provided at no cost to associates
• 401k retirement plan
• Tax-advantaged accounts: health savings account, and flexible spending account
• Ten paid holidays
• Fifteen days of vacation for new associates beginning on January 1 of each year
• Sick time, personal days, and a paid day for volunteerism
• Eligibility for bonuses and profit sharing
• Employee Assistance Program