Will support Cloud Security tasks specific to developing/documenting codifiable cloud security control parameters for Azure and GCP platforms/services.
• Will have experience with Information Security industry and government standard frameworks
• Will have experience navigating and working with Cloud Service Provider platforms and associated services and controls (Azure and/or Google).
• You will be required to use your understanding of industry benchmarks and control requirements to document security baselines for platforms/services.
• Interact with cloud engineers to understand, verify, and document benchmark implementation approaches.
• Support engineering teams in the development of Policy as Code (PaC) for adherence to documented security baselines.
• Work with a virtual Team consisting of members across various locations in the U.S. and India.
Required
• 5+ years of Information/Cybersecurity experience
• 3+ years of intermediate to advanced experience with public cloud computing/hosting (preferably Microsoft Azure and/or Google) - cloud native capabilities, cloud platforms and cloud services.
• Experience documenting and/or implementing security baselines such as (CIS Benchmarks, Microsoft Cloud Security Benchmarks, etc.)
• Experience with cloud migrations.
• Experience with Agile Scrum or Kanban methodologies.
• Understanding and ability to apply knowledge of industry/government standards and frameworks to “real world” business and technical requirements (e.g. NIST, CIS, CSA, FFIEC, ISO)
• Ability to handle multiple, high priority deliverables concurrently.
• Intermediate to advanced experience working with Microsoft Office products (e.g. Word, Excel, PowerPoint, Visio, Outlook, MS Teams, SharePoint)
Desired - skills that would be a “plus”
• Cloud Security knowledge of platform, service and workload hardening practices.
• Experience with documenting/implementing security requirements for SaaS services.
• Knowledge/experience with scripting/automation languages such as Terraform, Python and/or PowerShell.
• Experience with Infrastructure as Code (IaC) and/or Policy as Code (PaC) concepts/tools.
• Microsoft Azure and/or Google Cloud Certifications
• Understanding of cybersecurity threats, trends and industry best practices and security tools
• Experience operating in a highly regulated industry (e.g., finance, health care, government)