Job Description :
AWS Security, Risk & Compliance (SRC) Architect
Remote (should work in US EST Hours)
3 - 6 months contract
Job Description:
In this highly visible and critical role, you will be leading complex security engagements as a Cloud Security Engineer with the Information Security team. You will interface with various stakeholders to ensure AWS security, privacy, and compliance requirements are addressed through security tools, policies, and technologies.
Principal Responsibilities:
- Install, configure, integrate, and train others on security solutions in the cloud
- Define and implement appropriate policies for AWS security solutions
- Conduct security assessments to identify areas of risk and ensure any gaps are remediated
- Own security architecture in the Cloud in collaboration with other team members and functional areas
- Consult on and provide security requirements for critical projects and initiatives
- Conduct security risk assessments, planning, policy reviews, gap analysis, status/progress reports and action plans
- Conduct technical research when necessary to contribute to cloud security direction and strategy planning
- Develop positive partnerships and work closely with other members and stakeholders to align and execute infrastructure changes in a secure manner to support the organization''s tools, apps, and processes
- Work closely with the DevOps, System support engineer to provide guidance on security weaknesses in the cloud environment
- implementation of encryption, privilege management, logging, input validation, secure storage design and secure data transfer
- Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security
- May participate in simulated attacks or security violations to assess the organization''s data security measures
- Provide findings and recommendations in the following areas: NIST Policy, FEDRAMP and Cybersecurity
- Assist in investigation and remediation of security incidents and issues
Required Experience:
- Cloud security experience, preferably in AWS
- Knowledge of Infrastructure as code (E.g. Terraform, Cloud Formation Templates)
- Experience with Identity and Access Management (IAM) policies, IAM roles, Secured Network Architectures, and CIS foundation best practices
- Able to directly work and support our managed service''s team by providing technical expertise to maintain the security requirements and compliance
- Good understanding of automation using AWS Cloud Formation, CloudTrail, GuardDuty, Config, Inspector, CloudWatch, IAM, or KMS AWS- Inspector, AWS Macie, and Container Security etc.
- Knowledge of the National Institute of Standards and Technology''s (NIST) standards and as applicable, the Cybersecurity Framework
- Well-versed in associated reference documents such as ""SP 800-37 / NIST SP 800-53 / NIST SP 800-171, FIPS Publication 199, FedRAMP security requirements, and Cloud Security Alliance
- Ability to learn and adapt to new concepts and technologies quickly
Preferred Qualifications:
- Education: Bachelor''s degree in Computer Science, Electrical/Electronic Engineering, Information Technology, or another related field; or an associate degree plus four (4) years of related IT experience
- Minimum of four (4) years of experience with AWS, network security, and system security development
- AWS Certified Security - Specialty
- AWS Certified Solutions Architect - Professional
- CCSP (Certified Cloud Security Professional)