Obsessed with all things AWS and looking for a place to put your ideas into practice? We are searching for you. Someone who brings fresh ideas, demonstrates a unique and informed viewpoint, and enjoys collaborating with a cross-functional team to develop real-world solutions and positive user experiences at every interaction.
At Tokio Marine HCC, we’re passionate about creating software that solves problems. As a result, we rely on our Cloud Security Engineer to empower our users with a rich feature set, high availability, and stellar performance level to pursue their missions. Our current environment is experiencing rapid growth and an aggressive expansion of our customer deployments, resulting in the need for an experienced Cloud Security Engineer. The role will guide security services in AWS and optionally in Azure cloud.
You will be asked to immerse yourself in the key objectives of the role: automating manual cloud security processes and other cloud activities; enabling and supporting Corporate and business unit teams using public cloud in realizing information security objectives and controls; and, lastly, developing and maintaining cloud security foundational services inside the first year of employment.
Success in this role will be reflected in the below key areas of focus.
Enabling and supporting BU/Corporate teams
- First line of support for cloud security engineering, liaising with Security SMEs and teams
- Quarterly review of legacy exceptions/controls and remedy in partnership with teams
- Lights-on-Support: Manage incidents and problems in AWS and Azure
- Monitoring, tracking, and advising teams on remediation of non-compliant resources identified by Turbot and other AWS-native tools such as GuardDuty, AWS Security Hub, and Azure Security Center
- Offer consultancy as Cloud Security SME to BU/Corporate, focusing on security and resiliency
Automation of processes
- Automate security controls and allied activities
- Identify manual controls and reports needing automation
- Automate security-as-code with version control, change control, and roll-back capability
- As a T-shaped resource, automate cloud services as needed
- Automation on guardrail reporting and alerting to tech owners
Developing and maintaining cloud security foundational services
- Deploying Identity and Access Management systems to secure production and corporate access, such as: SSO, SAML
- Extending and maintaining automated enforcement of security guardrails using Turbot to ensure compliance with TMHCC security policies.
- Ensure logging and monitoring feeds and tools are in place and functional (feeds to Sumo Logic and Security SIEM, currently LogRhythm)
- Implementing and maintaining AWS platform integrations with security tools such as Qualys and CrowdStrike
- Acting as a liaison between the Cloud Platform & Services team and the Security team (SOC) to assist with AWS-related security investigations, if needed
- Harden configurations using standards such as the Center for Internet Security (CIS) security benchmarks for Docker, AWS Kubernetes, and others and keep software up to date
- Use Veracode Software Composition Analysis (SCA) to scan all container images, as well as dynamically and statically linked dependencies and nested dependencies, for known vulnerabilities and embedded secrets.
Key Skills and Qualifications
- Bachelor’s and 3 or more years' experience in IT security, compliance, or risk management
- Certifications in AWS Security Specialty or AWS Solutions Architect
- Hands-on technical expertise in building security capabilities in code and deploying infrastructure in code
- Understanding of Cloud Security across realms of Identity, Monitoring, Auditing and Cryptography
- A strong grasp of Information Security and implemented processes to review IT infrastructure, Web security and compliance experience
- Knowledge and experience with threat modeling and penetration testing, especially for web applications and web APIs