What will you contribute?
We are looking for a Cloud Security Engineer who specializes in Microsoft Azure environments to participate in a multidisciplinary information security team. The right individual will directly contribute to the execution of the firm's technology transformation strategy, cloud architecture and assist in the design and implementation of security controls around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS).
- Develop Cloud Security Controls Framework aligned to security frameworks CSA, CIS and NIST for multi-cloud environment.
- Design and develop security architectures for cloud and cloud/hybrid-based systems. Possess a firm understanding of the offerings within Microsoft Azure platforms and SaaS applications such as O365, Dynamics, etc.
- Work closely with enterprise architects to identify and mitigate risks, perform security reviews, design top tier security practices, and deliver strategic, innovative cloud based security offerings.
- Designing and Developing Cloud-specific security policies, standards and procedures e.g. Identity and Access Management (SSO, SAML), and Privilege Management, Firewall management, SSL/IPSec, Encryption Key Management (BYOK), Security incident and event management (SIEM), Data protection (DLP, encryption), Vulnerability Management in partnership with Infrastructure Services, and Application Development.
- Performing Cloud Security Assessments of Cloud platforms/environments using industry standard frameworks such as ISO, CSA-CSM and NIST.
- Executing on Cloud security engagements during different phases of the lifecycle assess, design, and implementation.
- Troubleshooting and resolving complex security issues in Microsoft Azure, applying fundamental systems security understanding, skills, expertise, and experience to support the planning, design, development, and implementation of complex systems
- Ensuring that relevant threat and vulnerability data is considered in support of security-relevant decisions.
- Providing input to analyses of alternatives and to requirements, engineering, and risk trade-off analyses to achieve a cost-effective security architectural design for protections that enable mission/business success.
- Providing the evidence necessary to support assurance claims and to substantiate the determination that the system is sufficiently trustworthy; and
- Conducting security risk management activities, producing related security risk management information, and advising the engineering team and key stakeholders on the security-relevant impact of threats and vulnerabilities to the mission/business supported by the system.
The ideal candidate will have a strong foundation across Microsoft technology stack and Azure security offerings and the ability to communicate security and risk-related concepts to key stakeholders along with experience with the following:
- Enterprise Mobility and Security Suite (EM+S), Advanced Threat Protection (ATP), Azure Information Protection (AIP) and Intune
- Azure Key Vault, Azure Security Center, Azure Operations Management Service, Log Analytics
- Identity and Access Management principals, including B2B and B2C cloud design and implementation
- Securing network and enterprise cloud applications
- Privileged access management technologies
- Strong understanding of security best practices and security frameworks, such as ISO/IEC 27001, NIST CSF, NIST 800-53 or OWASP
- Knowledge of host hardening, auditing, logging and monitoring, network security, SEIM deployments, security analytics, anomaly detections, PKI
- Market understanding of industry trends for cybersecurity, risk & threat intelligence, and governance
- Proven implementation of cloud security models, particularly identity, network, and encryption
- Demonstrated understanding of Microsoft security technologies and strategy
- Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments
- Experience with Infrastructure as Code Automation (e.g. Ansible) and Automation Skills (PowerShell and/or Python, Java, or a similar language)
- Experience with perimeter security and firewall technologies (Cisco, Fortinet) preferred.
- Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies
- Understanding of firewall concepts, security defense-in-depth, and the risk-based approach to security
- IT Systems Architecture/Infrastructure knowledge
- Experience supporting large and complex geographically distributed enterprise environments with 1000+ users
Education and Experience:
Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Computer/Data Systems Management or a related field or discipline is preferred but not required.