KeenLogic
Cloud Security Engineer
KeenLogic, Arlington, Virginia, United States, 22201
KeenLogic is seeking to hire a Cloud Security Engineer (Azure/AWS Technical Advisor)
to join our team at the Drug Enforcement Administration. As a Cloud Security Engineer, you will play a crucial role indesigning, implementing, and maintaining security measures to protect an organization's cloud-based infrastructure and data. This role requires a deep understanding of cloud technologies, security best practices, and a proactive approach to identifying and mitigating security risks.
Cloud Security Engineers use technical guidance and engineering best practices to securely build and scale cloud-native applications and configure network security defenses within the cloud environment. These individuals are proficient in identity and access management (IAM), using cloud technology to provide data protection, container security, networking, system administration, and zero-trust
architecture.Cloud Engineers must have a comprehensive knowledge of FISMA, NIST, NSA, and other information security, cybersecurity, UAM, and CDM-related industry policies, standards, procedures, guidelines, best practices, developing, engineering, implementing, testing, evaluating, configuring, monitoring, and maintaining cybersecurity, UAM, CDM, insider threat detection/analysis incident detection/analysis, and vulnerability compliance and assessment software and hardware.
Personnel assigned to this role will serve primarily on the ISSO as a Service (ISSaaS) team. The designated contract team member for the ISSO as a Service (ISSaaS) team is considered Key Personnel.
This is a full-time position offering Fortune 500-level benefits, PTO, 401k, and Life Insurance, and monthly reimbursement for travel. This position is based in Arlington, VA and follows a 3x2 schedule, 3 days a week onsite and 2 days of remote work.
Required
Qualifications:
Active Secret
clearanceMust be eligible for Top-Secret
clearanceMaster’s degree in Computer Science, Information Systems, or Information Technology Engineering, Information Technology Management, Business Management, or task order specific discipline or related field, equivalent work experience or equivalent educational and/or qualifications, and ten years of documented relevant work experienceCertifications: DoD IAT, IASAE, or CSSP Level II or III or
equivalent20+ years of experience in any combination of cloud cybersecurity, cloud security
engineering,
and/or cybersecurity
experience.Experience in network, system, software, and/or cloud architecture; design, implementation, support, and evaluation of security-focused tools and servicesJob
Duties:
Design and implement secure cloud architecture for various cloud platforms (AWS, Azure, &
GCP)Collaborate closely with architects and developers to ensure security is integrated into the entire cloud environmentImplement and manage security monitoring tools for cloud
environmentsRespond to and investigate security incidents, providing timely
resolutionEnsure cloud environments comply with industry standards and
regulationsImplement and monitor governance frameworks for cloud
securityDevelop and maintain scripts or automation tools for security
tasksImplement DevSecOps practices to integrate security into the CI/CD
pipelineConduct regular vulnerability assessments and coordinate remediation efforts Keep abreast of emerging threats and vulnerabilities in cloud environmentsMaintains all
documentationSupports and develops
automationDevelop in languages such as Bash, PowerShell,
PythonMaintains/enhances knowledge of related (AWS / Azure / GCP / OCI) cloud
servicesMonitors and tunes the cloud systems to achieve optimum performance
levelsPropose and implement cloud infrastructure transformation and automation based on
customer
requirementsAssist in building, troubleshooting, and optimizing container-based cloud
infrastructureAssist in selecting, implementing, and tuning configuration management (CM) technology
platformsAssist in ensuring operational readiness for launching secure and scalable workloads into public and hybrid cloud environmentsWork to validate existing infrastructure security, performance, and availability and make recommendations for improvements and optimizationCollaborate with application developers and database administrators to deliver
creative
solutions to difficult technology challenges and business
requirementsPreferred
Qualifications:
Any combination of security engineering experience in the following areas: AWS GOV Cloud, SPLUNK, tools (CORE, SOAR, ES, UBA), SIEM , Azure Cloud, Kubernetes, Docker, Rancher, Linux, or windows command line experience. (AWS, Ali Cloud, Azure), Familiarity with CloudFormation, EC2, EMR, S3, Redshift, RDS, SQS and AutoScaling Groups, and container orchestration is a plusAWS Certified Cloud Practitioner, AWS Certified Solutions Architect – Professional, AWS DevSecOps Engineer, AWS Solutions Architect Associate, AWS Security SpecialtyAzure Fundamentals, Azure Data Fundamentals, Azure Ai Fundamentals, Azure Security Engineering Associate, Azure Solutions Architect ExpertAWS
InspectorAWS GuardDuty & Security
HubIntegrate AWS events with Azure
Sentinel3rd party firewall appliances – Palo
altoCyberArk – Installation &
Configuration
Google Associate Cloud
EngineerCloud Security Alliance: Certificate of Cloud Security Knowledge
(CCSK)SANS Institute Certification SEC541: Cloud Security Attacker Techniques, monitoring, and threat detectionSANS Institute Certifications: SEC 488: Cloud Security Essentials, SEC 540: Cloud Security and DevSecOps Automation, SEC 388: Introduction to Cloud Computing and SecurityExperience briefing and building visualization for executive leadership, PowerBI &
API
use, risk assessment through data
aggregation.
Education
Substitution:
Any combination of certificates such
as:
AWS Certified Cloud Practitioner, AWS Certified Solutions Architect – Professional, AWS DevSecOps Engineer, AWS Solutions Architect Associate, AWS Security SpecialtyAzure Fundamentals, Azure Data Fundamentals, Azure Ai Fundamentals, Azure Security Engineering Associate, Azure Solutions Architect ExpertGoogle Associate Cloud
EngineerCloud Security Alliance: Certificate of Cloud Security Knowledge
(CCSK)SANS Institute Certification SEC541: Cloud Security Attacker Techniques, monitoring, and threat detectionSANS Institute Certifications: SEC 488: Cloud Security Essentials, SEC 540: Cloud Security and DevSecOps Automation, SEC 388: Introduction to Cloud Computing and SecurityMay be considered equivalent to two (2) year of general experience. Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels II or III may be considered equivalent to two (2) years of relevant experience.Any combination of certificates such as Microsoft’s MCSE, or Cisco’s, CCNA, CCDA, or CCNP, may be considered equivalent to two (2) year of general experience / information technology experience.Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels I, II, or III may be
considered
#J-18808-Ljbffr
to join our team at the Drug Enforcement Administration. As a Cloud Security Engineer, you will play a crucial role indesigning, implementing, and maintaining security measures to protect an organization's cloud-based infrastructure and data. This role requires a deep understanding of cloud technologies, security best practices, and a proactive approach to identifying and mitigating security risks.
Cloud Security Engineers use technical guidance and engineering best practices to securely build and scale cloud-native applications and configure network security defenses within the cloud environment. These individuals are proficient in identity and access management (IAM), using cloud technology to provide data protection, container security, networking, system administration, and zero-trust
architecture.Cloud Engineers must have a comprehensive knowledge of FISMA, NIST, NSA, and other information security, cybersecurity, UAM, and CDM-related industry policies, standards, procedures, guidelines, best practices, developing, engineering, implementing, testing, evaluating, configuring, monitoring, and maintaining cybersecurity, UAM, CDM, insider threat detection/analysis incident detection/analysis, and vulnerability compliance and assessment software and hardware.
Personnel assigned to this role will serve primarily on the ISSO as a Service (ISSaaS) team. The designated contract team member for the ISSO as a Service (ISSaaS) team is considered Key Personnel.
This is a full-time position offering Fortune 500-level benefits, PTO, 401k, and Life Insurance, and monthly reimbursement for travel. This position is based in Arlington, VA and follows a 3x2 schedule, 3 days a week onsite and 2 days of remote work.
Required
Qualifications:
Active Secret
clearanceMust be eligible for Top-Secret
clearanceMaster’s degree in Computer Science, Information Systems, or Information Technology Engineering, Information Technology Management, Business Management, or task order specific discipline or related field, equivalent work experience or equivalent educational and/or qualifications, and ten years of documented relevant work experienceCertifications: DoD IAT, IASAE, or CSSP Level II or III or
equivalent20+ years of experience in any combination of cloud cybersecurity, cloud security
engineering,
and/or cybersecurity
experience.Experience in network, system, software, and/or cloud architecture; design, implementation, support, and evaluation of security-focused tools and servicesJob
Duties:
Design and implement secure cloud architecture for various cloud platforms (AWS, Azure, &
GCP)Collaborate closely with architects and developers to ensure security is integrated into the entire cloud environmentImplement and manage security monitoring tools for cloud
environmentsRespond to and investigate security incidents, providing timely
resolutionEnsure cloud environments comply with industry standards and
regulationsImplement and monitor governance frameworks for cloud
securityDevelop and maintain scripts or automation tools for security
tasksImplement DevSecOps practices to integrate security into the CI/CD
pipelineConduct regular vulnerability assessments and coordinate remediation efforts Keep abreast of emerging threats and vulnerabilities in cloud environmentsMaintains all
documentationSupports and develops
automationDevelop in languages such as Bash, PowerShell,
PythonMaintains/enhances knowledge of related (AWS / Azure / GCP / OCI) cloud
servicesMonitors and tunes the cloud systems to achieve optimum performance
levelsPropose and implement cloud infrastructure transformation and automation based on
customer
requirementsAssist in building, troubleshooting, and optimizing container-based cloud
infrastructureAssist in selecting, implementing, and tuning configuration management (CM) technology
platformsAssist in ensuring operational readiness for launching secure and scalable workloads into public and hybrid cloud environmentsWork to validate existing infrastructure security, performance, and availability and make recommendations for improvements and optimizationCollaborate with application developers and database administrators to deliver
creative
solutions to difficult technology challenges and business
requirementsPreferred
Qualifications:
Any combination of security engineering experience in the following areas: AWS GOV Cloud, SPLUNK, tools (CORE, SOAR, ES, UBA), SIEM , Azure Cloud, Kubernetes, Docker, Rancher, Linux, or windows command line experience. (AWS, Ali Cloud, Azure), Familiarity with CloudFormation, EC2, EMR, S3, Redshift, RDS, SQS and AutoScaling Groups, and container orchestration is a plusAWS Certified Cloud Practitioner, AWS Certified Solutions Architect – Professional, AWS DevSecOps Engineer, AWS Solutions Architect Associate, AWS Security SpecialtyAzure Fundamentals, Azure Data Fundamentals, Azure Ai Fundamentals, Azure Security Engineering Associate, Azure Solutions Architect ExpertAWS
InspectorAWS GuardDuty & Security
HubIntegrate AWS events with Azure
Sentinel3rd party firewall appliances – Palo
altoCyberArk – Installation &
Configuration
Google Associate Cloud
EngineerCloud Security Alliance: Certificate of Cloud Security Knowledge
(CCSK)SANS Institute Certification SEC541: Cloud Security Attacker Techniques, monitoring, and threat detectionSANS Institute Certifications: SEC 488: Cloud Security Essentials, SEC 540: Cloud Security and DevSecOps Automation, SEC 388: Introduction to Cloud Computing and SecurityExperience briefing and building visualization for executive leadership, PowerBI &
API
use, risk assessment through data
aggregation.
Education
Substitution:
Any combination of certificates such
as:
AWS Certified Cloud Practitioner, AWS Certified Solutions Architect – Professional, AWS DevSecOps Engineer, AWS Solutions Architect Associate, AWS Security SpecialtyAzure Fundamentals, Azure Data Fundamentals, Azure Ai Fundamentals, Azure Security Engineering Associate, Azure Solutions Architect ExpertGoogle Associate Cloud
EngineerCloud Security Alliance: Certificate of Cloud Security Knowledge
(CCSK)SANS Institute Certification SEC541: Cloud Security Attacker Techniques, monitoring, and threat detectionSANS Institute Certifications: SEC 488: Cloud Security Essentials, SEC 540: Cloud Security and DevSecOps Automation, SEC 388: Introduction to Cloud Computing and SecurityMay be considered equivalent to two (2) year of general experience. Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels II or III may be considered equivalent to two (2) years of relevant experience.Any combination of certificates such as Microsoft’s MCSE, or Cisco’s, CCNA, CCDA, or CCNP, may be considered equivalent to two (2) year of general experience / information technology experience.Certificates under the DoD IAM, IAT, IASAE, or CSSP Levels I, II, or III may be
considered
#J-18808-Ljbffr