Summary
Vertical Relevance is looking for an AWS Security & Compliance Consultant to join our team as a full-time employee working remotely. This person is responsible for the end-to-end planning, building, and deploying of software systems. He/she will be able to drive the programming of well-constructed, testable code.
As an AWS Security & Compliance Consultant, you will implement technical solutions as part of a team for customer engagements. This role requires the strong teamwork, communication, patience and organization skills needed to drive customer success.
Responsibilities
- Help customers shape their journey to adopting the cloud and provide our customers with technical and strategic guidance on their "cloud journey".
- Consult, plan, design, and implement security solutions on the cloud for customers
- Design and automate security and compliance solutions
- Become a deep technical resource that earns our customers' trust
- Develop high-quality technical content such as automation tools, reference architectures, and white papers to help our customers build on the cloud
- Innovate on behalf of customers and translate your thoughts into action yielding measurable results.
- Support solution development by conveying customer needs and feedback as input to technology roadmaps. Share real world implementation challenges and recommend expansion of capabilities through enhanced and new offerings.
- Assist with technical briefs that document solutions
- Assist with reference architecture implementations
- Support internal and external brand development through thought leadership:
  - Work with Marketing/Alliances to write blog posts
  - Work with Marketing/Alliances to develop internal case studies
Qualifications
- Professional experience architecting/operating automated Security & Compliance / DevSecOps solutions built on AWS
- Software/technology customer-facing experience
- Knowledge of NIST 800-53, CIS
- Proficiency in policy-as-code frameworks (OPA)
- Experience designing compliance-as-code strategies and custom controls (SCPs, Config Rules)
- Strong audit-readiness advisory and evidence-collection expertise
- Skilled in risk management, stakeholder alignment, and executive reporting
- Familiarity with Agile project governance and backlog management
- Lead discovery workshops to identify in-scope controls, services, and stakeholders
Sample Activities You'll Do
Creating a Self-Service Account Framework
- Assist Customer with organizational hierarchy design and configuration templates
- Assist Customer in the development of referenceable playbooks, supported by relevant code examples
- Assist Customer in the development of sample runbooks to automate the implementation of AWS account setup and configuration
- Account Framework - Developing an automated Continuous Delivery Pipeline framework that will be used to establish AWS accounts with configured, tested infrastructure on AWS in a repeatable, reliable and secure manner, eliminating the need for manual intervention.
- Security Control Policies - Development of the Service Control Policies and account baselines associated with the Customer's security and compliance requirements
- Assist Customer with the development of a report and supporting sample code addressing the controls as part of the playbook
Creating Security Threat Analytics and Dashboard Solutions
- Creating a framework to automatically gather, transform and interpret security event data in AWS.
- Selecting, defining, and identifying security requirements and determining where:
  - Macie can be leveraged
  - GuardDuty can be leveraged
  - Inspector can be leveraged
  - Security Hub can be leveraged
  - Alternative security products can be leveraged
- Codify the provisioning of security analytics and reporting workflow:
  - Implement Security Hub in a central account with inputs from all accounts
  - Implement GuardDuty for global security events
  - Implement Macie for detection of sensitive data in S3 buckets
  - Develop AWS Config rules to enforce security configurations in CIS AWS Foundations standard
  - Implement Inspector to gather findings from EC2 instances
  - Enable CloudTrail for monitoring API activity
  - Enable Flow Logs for VPC traffic
Creating a Self-Service Compliance Framework
- Selecting tools for building Policy-as-Code controls (preventative, detective, and responsive)
- Development of referenceable playbooks, supported by relevant code examples for controls
- Development of sample runbooks to automate the implementation of controls:
  - Policy Definition - Identification and documentation of Customer Policy in the form of specific statements that must be true about configuration of AWS resources
  - Policy-as-Code Development - Development of the logical tests associated with each of the policies established to be used to assert the configuration state of infrastructure on AWS in order to block a build in the pipeline, take automated reactive action, or alert on violations to the policy
  - Framework Development - A design allowing for the execution of logical tests against infrastructure code or running AWS infrastructure in order to assert the configuration state of infrastructure resources on AWS and block a build in the pipeline, take automated reactive action, or alert on violations to the policy
- Development of a report and supporting sample code addressing the controls as part of the playbook
Relevant Technical Tools
- Primary Languages - Python, Java, Bash
- Tooling, Services & Libraries - Jenkins, Gitlab, Terraform, Vault, Git, Splunk, OWASP, Trend Micro, Palo Alto, Fortify, Twistlock, Aqua Security
- Python, AWS security services (Control Tower, Security Hub, GuardDuty, AWS Config, Audit Manager), OPA, CloudFormation Guard
Relevant AWS Services
- AWS Infrastructure Scripting - CloudFormation, AWS CLI, AWS CDK
- AWS Storage Services - S3
- AWS Compute Services - Lambda, EC2, EKS, ECS, ECR
- AWS Networking Services - VPC, Route53, API Gateway, Direct Connect
- AWS Developer Services - CodePipeline, CodeBuild, CodeCommit, CodeDeploy
- AWS Management and Governance Services - Control Tower, Organizations, CloudWatch, Auto Scaling, Config, CloudTrail, Service Catalog, Systems Manager
- AWS Security, Identity, Compliance Services - IAM, Inspector, KMS, Secrets Manager, Security Hub, Detective, GuardDuty, Macie, HSM, Certificate Manager, WAF & Shield, Firewall Manager
- AWS Frameworks - Landing Zone