XChange Software Inc.
Iselin, NJ
Post Resume to
View Contact Details &
Apply for Job
Job Description :
Position: Cloud Security Assurance
Duration: 6 Month
Remote
 
Job Description: 
Must have Dev Sec Ops experience.
Actively interviewing this week!

This role requires knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability. The preferred candidate will be required to conduct assessments, analyze data, identify its criticality, communicate effectively with account owners, provide guidance on remediation, conduct validation testing, and generate risk reports and program metrics. This role involves mapping industry-standards onto public cloud infrastructure, to provide Anthem insight into cloud hygiene and security compliance. This also involves tracking capabilities of new and existing public cloud services and understanding how adversaries may exploit these resources to advance their modes of interest. Primary duties may include, but are not limited to:
  • Perform assessments utilizing CASB, platform native utilities, and other tooling as necessary to ensure security compliance throughout all phases of the cloud solution lifecycle.
  • Establish process guides for the Cloud Security Assurance capability within the Anthem cloud security team.
  • Document remediation SLAs, cadence/timelines of security reviews and communication announcements of security reviews.
  • Identify opportunities to establish, refine, or bolster, security guardrails.
  • Partner with Application Teams, Cloud Operations, security control owners, and the Cloud Security Advisory Services Team to socialize findings and drive proactive risk reduction.
  • Supports activities, process, and tools needed to improve overall security posture of the organization.
  • Ensure compliance of security configurations for cloud solutions and aid in providing clear and concise processes and procedures for the implementation and enforcement of system security configurations.
  • Conduct validation testing to ensure implemented guardrails are functioning as required.
  • Support the risk management process by helping to determine and assign risk impact ratings and prioritize remediation efforts in accordance with Anthem accepted Risk Management and Cloud Security Reference Architecture Frameworks.
  • Conduct readiness assessments of cloud applications prior to go-live in support of the Cloud Governance process.
  • Conduct process reviews of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls.
  • Provide Sr. management with consultative support in controlling and/or enhancing processes and systems in compliance with policies and regulations focused on HIPAA, PCI, SOX, SOC and other regulatory guidance.
  • Advise on the development of education, training and other mechanisms used to ensure compliant behavior for mandated security controls.
  • Research relevant IT and IS regulatory, compliance and audit trends across healthcare, business, competition and regulatory environments; recommend strategy adjustments.
  • Develop an annual Security Health Check report for Sr. leadership to provide insight into Anthem’s security posture across each of the of the cloud platforms. Additional Desired 
Skills:
  • Experience with analyzing and securing complex, large scale cloud applications.
  • Experience in programmatic integration with ticketing and asset management systems.
  • Experience in aggregating metrics and reporting. • Strong verbal/written communication skills.
  • Demonstrated teamwork skills, with strict adherence to respecting establish escalation paths and the chain-of-command in a fast-paced, highly regulated work environment.
  • Knowledge of Diversity Principles, Corporate Integrity, Compliance Program policies, and other applicable corporate and departmental policies.
  • Minimum 4+ years hands-on experience with popular Cloud Vendors and technologies such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, IBM Cloud, and Oracle OCI
  • 2+ years’ experience in auditing information system design, provisioning, operating, and maintaining systems running in the cloud with a strong preference for direct experience with DIACAP, RMF, etc.; or demonstrated equivalent testing and securing highly regulated information assets.
  • Familiarity with common compliance standards, such as CIS Benchmarks, PCI-DSS, HIPAA, NIST, FISMA, etc.
  • Research mindset, with a hold on where to look for relevant information pertaining to cloud threats, vulnerabilities and key adversary’s’ modes of interest.
  • Experience with AWS Security Groups, VPC, Routing Tables, Subnets, EBS, Cloud Front, EC2, S3, IAM Roles and Policies, Cloud Watch, Lambda, SNS, SQS, Elastic Load Balancers, ECR, EKS, SSL Certs, VPN Tunnels, Direct Connect, Transit Gateway, NAT Gateway, NAT Instances and Auto Scaling Groups.
  • Knowledge of and the ability to detect and prevent data security vulnerabilities of coding throughout the software development life cycle within software development organizations.
  • Solid understanding of public cloud resource and control plane threats and vulnerabilities.
  • Automating tasks using cloud native tools, sdk’s, cloud formation (e.g., JSON). & Terraform scripts, command line tools.
  • Programming/scripting knowledge for automating day to day tasks – Python, Perl, Ruby.
  • Knowledge & experience of monitoring, logging and cost management tools that integrate with cloud platforms.
  • Demonstrated troubleshooting skills.
  • Capabilities to provide cloud operations and deployment guidance and best practices throughout the lifecycle of a project.
  • Knowledge of application deployment and data migration in various cloud platforms across different regions.
  • Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
  • Tracking and researching release of new cloud resource types and services, with a focus on security risk and attack surface expansion. • Cloud/Security and Audit Certifications preferred (e.g., CISA: Certified Information Security Auditor, CISM: Certified Information Security Manager, CISSP: Certified Information Systems Security Professional, CIPP/A,M,T,P, Information Systems Security Architecture Professional, Information Systems Security Engineering Professional, Certification and Accreditation , AWS Architect, or equivalent certifications.
             

Similar Jobs you may be interested in ..