Job Description :
Duties / Responsibilities

Develop and implement cloud security controls, cloud-based processes and tools, and cloud security task automation.

Perform security assessments, working closely with DevOps and Developer teams on identifying security and privacy issues in AWS or Azure and finding solutions to provide required functionality securely.

Continuously monitor cloud security operations, responding to security issues and escalating as necessary.

Conduct security impact analysis of controls on proposed system changes.

Conduct cloud security assessments and Penetration testing.

Perform Incident Response and Forensics evaluation using security information and event management (SIEM) tools.

Ensure that the client's system security requirements are addressed during all phases of the system development life cycle.

Review and update systems security documentation and artifacts such as Systems Security Plan, Information Security Risk Assessment, Privacy Impact Assessment, Systems Security Report, Correction Action Plan, Plan of Action & Milestones (POA&M).

Create and track POA&M requirements for resolving security findings.

Administer cloud-based and physical firewalls.

Adhere to all security, change control and Project Management Office (PMO) policies, processes and methodologies.

Note: The candidate must have the flexibility to work overtime, as needed, to include weekends, holidays, and off-hours.

Minimum Qualifications

A minimum of six (6) years of experience in analyzing and defining security requirements for large and mission critical IT security requirements.

A minimum of two (2) years performing day-to-day security operations functions including administration, troubleshooting, and resolution of various security components.

A minimum of three (3) years of hands-on experience in performing cloud security functions.

A minimum of three (3) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.

Demonstrated production experience using AWS or Azure supporting security operations.

Experience in performing Security Incident Response and Forensics evaluation with SIEM tools.

Working knowledge of AWS security features such as Security Groups, Network Access Control List, Firewall, WAF, Guard Duty, Macie, CloudTrail, CloudWatch, Control Tower etc.

Experience with assessment and evaluation of information systems to recommend changes, mitigate threats, risks, and vulnerabilities.

Preferred Qualifications

A minimum of five (5) years of experience in providing Cloud Security.

A minimum of five (5) years of experience in assisting organizations meet NIST SP 800-37, NIST 800-53, IRS Publication 1075, MARS-e 2.0 requirements.

A minimum of five (5) years of experience with AWS security on S3, EC2, Security Groups, NACL, etc.

A minimum of five (5) years of experience with conducting Incident Response testing to evaluate processes for detection, response, and reporting of security incidents

A minimum of five (5) years of experience with Data Security practices on encryption, masking.

A minimum of five (5) years of experience with assessment and evaluation of information systems to recommend changes, mitigate threats, risks, and vulnerabilities.

A minimum of three (3) years of experience with Data Loss Prevention tools and technologies.

Experience in configuring ASA and/or Fortinet firewalls.

Possess one or more of the following security certifications: (i.e., CISSP, GIAC, CEH, Security+, Amazon Certified Security Specialty, Microsoft Certified: Azure Security Engineer).

             

Similar Jobs you may be interested in ..