The position of Cloud Security Engineer will report directly to the Chief Information Security Officer and is responsible for designing, deploying, and overseeing the management of group-wide security solutions and executing against the company’s Information Security and Compliance roadmap. Working closely with technology partners, he or she will guide the selection, implementation, and integration of various security solutions. This position has significant organizational impact, requiring enterprise perspective, knowledge and change management skills.
- Architecture of multi-tenant cloud security tooling and monitoring
- Design and implementation of Network and Cloud Security, Identity and Access Management, Continuous Security Monitoring, and Vulnerability Management solutions
- Integrate multiple technologies into a centralized monitoring solution
- Drive automation throughout deployed security tooling, particularly Security Orchestration, Automation, and Response (SOAR) technologies to enhance the organization's security operations capabilities
- Partner with managed security partners and participate or lead incident response procedures
- Work with developers to implement DevSecOps solutions and design and implement a security focused SDLC
- Maintain and improve existing security application tool set.
- Translate compliance and security requirements into project / process deliverables
- Keep current on industry trends and the direction our competitors are heading with respect to business capabilities and technology
- Perform research, formal evaluation and prototyping of leading/emerging technologies without oversight.
- Bachelor’s degree in Computer Science, Information Security, or a related field
- 7-10 years of experience in a Security or Cloud Engineering role
- Strong Microsoft 365 and Azure background, including experience architecting security across multi-tenant environments
- Strong technical skills to design and implement M365 Security services with hands-on experience on several of the items outlined below:
  - Authentication Methods (sign-on security, multi-factor authentication (MFA), self-service password reset)
  - Conditional Access (Compliance and conditional access policies, device compliance policy, conditional access policy)
  - Azure AD Privileged Identity Management (PIM)
  - Azure AD Identity Protection (User risk policy and sign-in risk policy)
  - O365 ATP (Anti-phishing protection, anti-spoofing, anti-spam protection, Safe-Attachments, Safe Links, anti-malware solution)
  - Azure Information Protection (Azure Rights Management, labels and conditions, templates, AIP scanner, RMS connector, tenant keys, integrate AIP with Microsoft Online Services)
  - Data Loss Prevention (Manage DLP policies, manage sensitive information types)
  - O365 Cloud App Security (Plan implementation and configuration)
  - Data governance and retention (Retention policies, data governance reports and dashboards, Information holds, import data in the Security and Compliance Center, manage inactive mailboxes)
  - Data privacy regulation compliance (Regulatory compliance in Microsoft 365, review and interpret GDPR dashboards and reports, Compliance Manager reports)
  - Azure Log Analytics
  - Microsoft Sentinel
  - Azure Lighthouse
- Experience in applying security to cloud technologies (managing secrets, securing CI/CD pipelines, Infrastructure as Code, Container Security)
- Experience in implementing enterprise-wide vulnerability management solutions, including container-based vulnerability management.
- Possession of or ability to obtain professional certifications in information security or risk management, such as a CISSP, CISM, or Microsoft / Azure Security Certifications
- Strong knowledge of security, regulatory, and control frameworks, such as ISO 27001, HIPAA, GDPR, NIST, and CIS.
- Self-starter who demonstrates strong ownership of their domain
- Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- High level of personal integrity, and the ability to professionally handle confidential matters.
- Natural passion for security and strong drive to see both projects and investigations to completion.