Cloud Security Engineer

Cloud Security Engineer - (23000FK6)Position SummaryThe Cloud Security Engineer (CSE) should be hands-on in all aspects of Azure security including implementing security controls and threat protection, managing identity and access management, defining organizational structure and policies, using Azure technologies to provide data protection, configuring network security defenses, collecting and analyzing Azure logs, managing incident responses, and understanding regulatory concerns. As a Cloud Security Engineer, you design and implement a secure end-to-end infrastructure on Azure in a hybrid cloud setup.Essential FunctionsMonitor security events daily, performing investigations and working with appropriate team members, business teams, and Technology teams to develop solutions that address critical security concerns.Maintain and improve the security posture of the Azure platform, identifying and remediating vulnerabilities by using a variety of security tools.Provide cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks.Implement and configure security controls and policies, manage access to data, and monitor threats to ensure that apps, containers, infrastructure, and networks are protected.Implement threat protection and respond to security incident escalations.Automate security controls, data, and processes to provide better metrics and operational support using security-as-code.Configure access within a cloud solution environment using the defense-in-depth principle.Configure network security including in a hybrid context with traditional network-centric controls to ensure data protection.Manage operations within a cloud solution environment such as operations tasks, using cloud native tools like Log Analytics, Azure Monitor, and Azure Security Center or other monitoring tooling.Support our cloud engineers to implement security best practices and enable secure development and release processes.Deep understanding of configuring security policies and securing applications and data.Required For All JobsPerforms other duties as assigned.Complies with all policies and standards.For specific duties and responsibilities, refer to documentation provided by the department during orientation.Must abide by all requirements to safely and securely maintain Protected Health Information (PHI) for our patients. Annual training, the UH Code of Conduct, and UH policies and procedures are in place to address appropriate use of PHI in the workplace.QualificationsEducationBachelor's Degree in Information Technology, Computer Science, or a related field Required.Work Experience5+ years IT security experience Required.3+ years building and maintaining secure Azure cloud solutions and tools (Azure Monitor, Log Analytics, Azure Security Center) Required.Knowledge, Skills, & AbilitiesUnderstand agile and DevOps concepts in a security context such as 'trust but verify', central vs decentralized controls, and making agile teams as autonomous as possible while ensuring the teams adhere to the Non-Functional Requirements.A deep understanding of networking, e.g., IP subnetting, Network Security Groups, routing, Azure Firewall, ExpressRoute, load balancer, DNS.Strong familiarity with cloud capabilities and products and services for Azure, e.g., Azure Active Directory, Privileged Identity Management, VMs, Container Registry, Azure Kubernetes Services (AKS), Data Services, KeyVault.Have the intrinsic quality to want to continuously improve and do better.Hands-on and can-do mentality.Feeling of ownership.Good communication and presentation skills.Team player.Able to express ideas effectively in individual and group situations.Able to execute a task in a good manner and with good results with limited supervision.Strong skills in scripting and automation, Infrastructure-as-Code, and using CI/CD concepts.Experience with pipeline tooling for automated deployments and applying security controls.Experience with infrastructure orchestration tools such as Terraform and other cloud-specific infrastructure automation tools (Azure Resource Manager, Google Cloud Deployment Manager) to automate the creation of staging, testing, and production environments.Work experience from large, international companies and have dealt with or worked for global service providers.Licenses and CertificationsCertified Information System Security Professional (CISSP) Preferred.Certified Ethical Hacker (CEH) Preferred.Additional Licenses and CertificationsMicrosoft Azure Security related certifications (Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Information Protection Administrator Associate, or Microsoft Certified: Security Operations Analyst Associate) Preferred.Certified Cloud Security Professional (CCSP) Preferred.Certificate of Cloud Security Knowledge (CCSK) Preferred.Global Information Assurance Certification (GIAC) Preferred.Physical DemandsStanding Occasionally.Walking Occasionally.Sitting Constantly.Lifting Rarely 20 lbs.Carrying Rarely 20 lbs.Pushing Rarely 20 lbs.Pulling Rarely 20 lbs.Climbing Rarely 20 lbs.Balancing Rarely.Stooping Rarely.Kneeling Rarely.Crouching Rarely.Crawling Rarely.Reaching Rarely.Handling Occasionally.Grasping Occasionally.Feeling Rarely.Talking Constantly.Hearing Constantly.Repetitive Motions Frequently.Eye/Hand/Foot Coordination Frequently.

#J-18808-Ljbffr