Arkansas Department of Workforce Services
Senior Cloud Security Engineer - Vault SME
Arkansas Department of Workforce Services, Fayetteville, Arkansas, us, 72702
This job was posted by https://www.arjoblink.arkansas.gov : For more information, please see: https://www.arjoblink.arkansas.gov/jobs/4367658
A Senior Cloud Security Engineer at Arvest is an experienced and highly skilled Security Engineer who leads and supports Cloud security tooling such as IaC, Container Scanning, and SCC (Security Command Center), curates results, validates findings, and partners with Engineering teams in issue remediation. They implement and maintain a security reference architecture within Arvests products and software development lifecycle; ensure Cloud security standards are delivered, coordinate penetration testing, and maintain various Cloud vulnerability scanning tools. A Senior Application Security Engineer partners with IT and Development teams to develop Cloud security policies and procedures and ensure compliance with industry regulations and requirements.
We are seeking candidates who embrace diversity, equity, and inclusion in a workplace where everyone feels valued and inspired.
What Youll Do at Arvest: (Other duties may be assigned.)
? Design, create, and execute security controls to identify, protect, detect, and respond to risks against the Arvest cloud.
? Develop and maintain cloud security architecture processes and artifacts that enable the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
? Oversee the development of baseline security configuration standards for cloud and related technologies.
? Review network segmentation to ensure least privilege for network access.
? Serve as a technical point of contact for development as it relates to Cloud configuration, Cloud and container security, and products being securely developed and deployed into the Cloud.
? Serve as the primary liaison between the Enterprise Architects and the Systems Security Engineers and coordinate with product family owners on the allocation of security controls.
? Configure and maintain Cloud and container tooling/processes.
? Evaluate and determine scope for required penetration testing of containers, APIs, systems, and networks.
? Assist teams in reproducing, triaging, and addressing Cloud security vulnerabilities.
? Perform secure design assessments for all proposed Cloud configuration related changes.
? Perform security focused configuration reviews.
? Collaborate with Engineering on secure design review.
? Manage security tooling including ensuring tools are working as expected, minimizing false positives, and curating and generating metrics.
? Document vulnerability findings, validate findings, and articulate to relevant technical stakeholders, e.g., Engineering, and track and record remediation in JIRA.
? Collaborate with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs.
? Participate in cybersecurity and business-related councils or working groups, as needed.
? Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
? Collaborate with enterprise architects and systems engineers to identify and align to attack surface management best practices.
? Ensure compliance with industry standards and regulations related to Cloud security. Stay up to date with the latest security trends, threats, and best practices. Ensure compliance with industry standards and regulations related to Cloud security.
? Mentor and share unique expertise and experiences with other team members.
? Understand and comply with bank policy, laws, regulations, and the bank\'s BSA/AML Program, as applicable to your job duties. This includes but is not limited to; complete compliance training and adhere to internal procedures and controls; report any known violations of compliance policy, laws, or regula ions and report any suspicious customer and/or account activity.
A Senior Cloud Security Engineer at Arvest is an experienced and highly skilled Security Engineer who leads and supports Cloud security tooling such as IaC, Container Scanning, and SCC (Security Command Center), curates results, validates findings, and partners with Engineering teams in issue remediation. They implement and maintain a security reference architecture within Arvests products and software development lifecycle; ensure Cloud security standards are delivered, coordinate penetration testing, and maintain various Cloud vulnerability scanning tools. A Senior Application Security Engineer partners with IT and Development teams to develop Cloud security policies and procedures and ensure compliance with industry regulations and requirements.
We are seeking candidates who embrace diversity, equity, and inclusion in a workplace where everyone feels valued and inspired.
What Youll Do at Arvest: (Other duties may be assigned.)
? Design, create, and execute security controls to identify, protect, detect, and respond to risks against the Arvest cloud.
? Develop and maintain cloud security architecture processes and artifacts that enable the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
? Oversee the development of baseline security configuration standards for cloud and related technologies.
? Review network segmentation to ensure least privilege for network access.
? Serve as a technical point of contact for development as it relates to Cloud configuration, Cloud and container security, and products being securely developed and deployed into the Cloud.
? Serve as the primary liaison between the Enterprise Architects and the Systems Security Engineers and coordinate with product family owners on the allocation of security controls.
? Configure and maintain Cloud and container tooling/processes.
? Evaluate and determine scope for required penetration testing of containers, APIs, systems, and networks.
? Assist teams in reproducing, triaging, and addressing Cloud security vulnerabilities.
? Perform secure design assessments for all proposed Cloud configuration related changes.
? Perform security focused configuration reviews.
? Collaborate with Engineering on secure design review.
? Manage security tooling including ensuring tools are working as expected, minimizing false positives, and curating and generating metrics.
? Document vulnerability findings, validate findings, and articulate to relevant technical stakeholders, e.g., Engineering, and track and record remediation in JIRA.
? Collaborate with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs.
? Participate in cybersecurity and business-related councils or working groups, as needed.
? Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
? Collaborate with enterprise architects and systems engineers to identify and align to attack surface management best practices.
? Ensure compliance with industry standards and regulations related to Cloud security. Stay up to date with the latest security trends, threats, and best practices. Ensure compliance with industry standards and regulations related to Cloud security.
? Mentor and share unique expertise and experiences with other team members.
? Understand and comply with bank policy, laws, regulations, and the bank\'s BSA/AML Program, as applicable to your job duties. This includes but is not limited to; complete compliance training and adhere to internal procedures and controls; report any known violations of compliance policy, laws, or regula ions and report any suspicious customer and/or account activity.