The Engineer – Information Security, Cloud Security, Sr. is a core technical resource on a capability (platform) team responsible for the architecture design, development, maintenance, administration, and continuous improvement of solutions in AARP’s cloud security systems. The position reports to the Director, Information Security and is responsible for implementation and maintenance of cloud security controls. Additional duties include working closely with Agile teams within the CI/CD pipeline. This position is accountable for the technical components of the capability (platform) strategy and lifecycle and will be expected to deliver incremental business value in an agile environment. The Engineer – Information Security, Cloud Security, Sr. must be a multi-faceted technologist able to build business-value based objectives and perform hands-on development and configuration within the cloud security systems.
Other core roles on the team will include the Capability Manager (Platform Manager) and Delivery Lead.
Design and architecture
- Ensure sound integration, data, security, and business architecture design throughout all stages within the capability (platform) lifecycle.
- Lead the implementation of information security requirements in order to meet users’ defined outcomes within one or more customer/employee journeys.
- Lead design and development of proof-of-concepts or minimum viable products as well as architecture design and technology evaluation artifacts.
- Drive reuse of common services defined by AARP’s enterprise architecture standards.
- Provide oversight and governance of AARP technology standards and frameworks for assigned systems and platforms.
- Participate in development of Enterprise Engineering and Architecture Standards and Practices as required.
- Establish the technical framework for the capability (platform) strategy and lifecycle.
- Work with the capability (platform) manager to define business-value based objectives and user stories for upcoming sprints
- Develop innovative solutions, taking into consideration performance, scalability, and availability with realistic implementation schedules.
- Guide business and/or capability (platform) managers with investment and budget decisions based on the portfolio of tools needed to accomplish a desired outcome.
- Investigate new technologies and make recommendations to capability (platform) managers regarding potential usage.
- Collaborate with the capability (platform) manager during complex discussions with business stakeholders, vendors, or technology, particularly when determining the technical requirements/capabilities needed to meet business goals.
- Provide critical input to other capability and platform teams as needed to ensure alignment with broader ITS strategic objectives.
- Drive the continuous improvements of implementation methodology and service offerings based on customer/employee experiences.
- Work to streamline processes, with the goal of speeding delivery to the customer, while balancing risk management objectives.
- Work with developers, administrators and support staff to analyze incident trends & underlying system problems to identify incremental improvement opportunities that support/drive key business value drivers.
- Follow ITS Disaster Recovery (DR) policy and standards.
Technical Leadership / Active Practitioner
- Participate in a Community of Interest for engineers across all capability (platform) teams to share information and strengthen understanding of business needs and technology-based business solutions.
- Serve as the technical liaison and subject matter expert in business interactions.
- Provide ‘level 2 or 3’ support and problem management guidance for the capability (platform) team.
- Understanding of DevSecOps concepts and ability to drive and communicate change supporting DevSecOps methodology within the organization.
- Actively assess existing cloud implementations, identifying security issues and prioritizing fixes.
- Assist with projects involving cloud, operating systems, applications, and database and security issues and requirements.
- Engineer and implement new cloud security tools to feed our DevSecOps processes to ensure the solvency of cloud compute resources.
- Perform design review, threat modeling, and security review efforts of production systems for AWS services.
- Perform penetration testing & vulnerability research of complex proprietary software and hardware for AWS services.
- Work closely with the Retrospective Review team to develop large scale, cutting edge, testing, monitoring, and analytics solutions.
- Work closely with other internal development teams to create comprehensive security tooling and functional improvements at scale.
- Determine how to leverage services from cloud providers and identify gaps that must be met through other tools, software, or 3rd party services.
- Design, build & deliver Identity Federation and DevSecOps across multiple hybrid clouds
- Provide tuning recommendations of cloud security tools based on traffic patterns.
- Lead planning, implementation, and growth of the infrastructure on Amazon Web Services (AWS)
- Ability to create and utilize CloudFormation templates to automate creation of images
Desired Education and Certifications
- Bachelor's degree or equivalent in Information Technology, Computer Science, Engineering or related field
- BS in computer science, information systems, cybersecurity, or related IT or security field
- Master’s degree in information systems, cybersecurity or related IT or security field
- 3+ years' experience as a Security Engineer supporting software architecture development environments.
- 3+ years of demonstrated experience with Cloud platforms such as Amazon Web Services (AWS)
- CISSP and either CCSP or CCSK
- AWS Security Certification
- Experience in enterprise architecture practices, frameworks and methodologies
- A demonstrated ability to work within a team and build consensus towards a technical direction
- Strong technical expertise in executing proofs of concept and experimentation with development teams
- Technology delivery experience through concept, development, validation, deployment, and support
- Product evaluation through RFI/RFP including working with vendors and internal stakeholder groups
- An understanding of external cloud hosting providers including Amazon Web Services, Microsoft Azure
- Solution Architecture experience with projects using Agile and Iterative approach
- Knowledge of cloud networking architecture, cloud operations, security, automation and orchestration.
- Experience with AWS or similar enterprise cloud computing platforms.
- Experience with agile development or similar methodologies for CI/CD and the common software that enable them.
- Experience with open source technologies and environments.
- Automation and scripting experience in Python or similar.
- Experience with serverless architectures, and common virtualization techniques.
- Ability to automate the provisioning and configuration of Cloud-based environments.
- Design, build and deliver cloud threat analytics by leveraging cloud log correlation, AI & machine learning engines.
- Design, build & deliver Identity Federation and DevSecOps across multiple hybrid clouds.