Senior Cyber Security Engineer

Position Overview

This role is responsible for ensuring security in a hybrid multi-cloud technology environment by identifying, implementing, maintaining, and monitoring risk-informed, standards-based controls. The position supports continuous integration and development pipelines that automatically build, test, and deploy secure infrastructure and containerized applications. In addition, it involves reviewing software releases and infrastructure changes for vulnerabilities, managing vulnerability remediation, supporting audit and compliance efforts, and developing incident response plans.

Key Responsibilities

• Responsibilities: Identify, implement, maintain, and monitor risk-informed, standards-based, effective security controls within a hybrid multi-cloud environment.
• Support continuous integration and continuous development pipelines by ensuring that appropriate security checks are automatically or manually incorporated.
• Review software releases and infrastructure changes for security vulnerabilities and risks prior to approval.
• Support enterprise software development and cloud infrastructure projects that store, process, and transmit regulated data to ensure controls meet or exceed standards.
• Manage vulnerabilities and security testing for on-premise and cloud-hosted applications and track issues to remediation.
• Support audit and compliance efforts to ensure applications, infrastructure, and integrations meet applicable compliance and contractual standards.
• Identify, recommend, and test technical security standards and guidelines for software development, DevOps, and release management to adhere to industry best practices for availability, confidentiality, and integrity.
• Partner with internal and external development teams and stakeholders to enhance security and operational monitoring for cloud-hosted workloads.
• Develop and test incident response plans to prepare for, respond to, and recover from security incidents and operational issues.
• Support efforts to provide a secure integrated development environment for external and internal software and release management pipelines.
• Build and track performance indicators and metrics to inform security control monitoring in cloud environments.
• Perform all other duties as assigned.

Required Qualifications

• Education: Bachelor's Degree in Computer or Software Engineering, Information Security, Cybersecurity or a related field from an accredited four-year college or university required.
• Qualifications: AWS Certified Solutions Architect or DevOps Engineer Professional certification required.
• Experience Required: Minimum eight (8) years of extensive security engineering experience, including architectural design using AWS best practices and industry standards.
• Requirements: Experience implementing and managing tools for security, availability, and compliance monitoring in a cloud environment, including collecting data, parsing log files, capturing network traffic, setting alert thresholds, and notifying stakeholders.

Preferred Qualifications

• Master’s Degree preferred.
• AWS Security Specialty certification highly desired.
• Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) highly desired.
• Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK) desired.
• GIAC Cloud Security Automation (GCSA) certification highly desired (must be able to obtain certification within 6 months of hire).