Logo
InterSources

Cloud Security Engineer Job at InterSources in Sacramento

InterSources, Sacramento, CA, United States


Cloud Security Engineer
Address: Sacramento, CA 95814
36+ Months Contract Position

Job Description:
The cloud security engineer shall architect, deploy and operate a secure cloud application infrastructure that aligns with Client's business needs. The cloud security engineer is responsible for supporting operational innovation and providing security direction to the business to elevate Client's security posture within a cloud computing infrastructure. In an advanced role, the cloud security engineer helps deliver applications at scale and with resiliency to support business initiatives. The cloud security engineer is also expected to possess advanced administrative and troubleshooting skills, and be knowledgeable about architecture, engineering and design principles. The cloud security engineer should be adept at dealing with disparate applications and data systems to maintain the level of rigor required to adhere to business direction. Along with depth of system coverage, the role requires planning and design of policies and maintenance.
The cloud security engineer will be working closely with Client's Information Technology Unit (ITU)cloud architect, cloud engineer, network security and system administrative teams to meet Client's security programs security initiatives. The cloud security engineer must utilize a variety of communication and collaboration modes, mediums and methodologies dependent upon audience, activity and message. Is responsible for all communication related documentation as well as consultant-services subject-related documentation and the ongoing maintenance of this documentation throughout their tenure. Documentation shall include but not be limited to meeting agendas, meeting minutes/notes, training materials, quick reference guides, outreach materials, videos, and presentations. The cloud security engineer will perform all associated services and activities necessary to successfully complete the requested services.

Responsibilities:
The cloud security engineer is responsible for the following services and activities during the term of the Agreement. Client reserves the right to request additional analyses and assessments, as needed. The Contractor may suggest development of additional services in specific areas. Client must authorize the need for additional services prior to services being rendered. All services and activities will be due per mutually agreed upon schedule.
A. Security System Development and Operations
The cloud security engineer will plan and organize activities of Client's technical security program areas related to Client's ITU cloud infrastructures for all OIS security systems and services. The cloud security engineer shall:
• Develop and maintain secure, resilient enterprise-grade cloud processes in tandem with Client's ITU architects and system engineers.
• Secure business applications and computing environments across public, private or hybrid cloud infrastructures.
• Protect business applications in compliance with privacy, security, business resiliency and compliance frameworks as defined in Client's security policies.
• Configure Azure, AWS and MS 365 based on the best security technical standards.
• Maintain a consistent, secure environment using configuration management solutions (e.g., Puppet, Chef, Ansible, etc.). Conduct rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
• Deploy strong identity and access management (IDAM) controls across applications and computing environments.
• Assist with development, maintenance and utilization of scripts (e.g., PowerShell, Python, Ruby, etc.) to support custom extract transform load (ETL) tools with a security focus for data flow.
• Attend regular technical project and implementation meetings and serve as the security consultant to help guide secure application and infrastructure configurations.
• Actively monitor, assess and recommend tactical and strategic initiatives based on new and emerging threats posing risk to cloud computing environments.
B. Security Monitoring - Detection and Response
• Lead and manage remediation efforts after security assessment findings outline weaknesses of Client's assets that include using eDiscovery, vulnerability management, endpoint protection and security information event management (SIEM) security controls.
• Assist in maintaining strong oversight with cloud computing vendors and solution
providers to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
• Act as a key figure in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement with security operations and incident response teams.
C. Security Standards, Plans and Procedures
• Document and refine Client's security program technical requirements with ITU cloud architect and engineering, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply learned knowledge across Client key lines of business areas, including products, practices and services.
D. Change Management and Meetings
• Attend and fully engage in change and project management meetings. Skill No. of Years Contractor must have successfully completed one (1) project, at minimum, And must possess a minimum of five (5) years of experience in cloud security engineering as a practitioner. Contractor must have successfully completed one (1) project, at minimum, And must possess a minimum of three (3) years of exposure with MS Azure or Amazon Web Services (AWS). Contractor must have successfully completed one (1) project, at minimum, And must possess a minimum of three (3) years of experience writing technical
documentation to meet a security programs business objective. Experience - must have a minimum of seven (7) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities. Experience - must have a minimum of seven (7) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities. Requires the possession of a bachelor's degree in an IT-related or Engineering field. Additional qualifying experience may be substituted for the required
education on a year-for-year basis. minimum of five (5) years of Full-Time Equivalent (FTE) experience in cloud networking architecture and cloud operations, with cloud access security broker (CASB) experience. minimum of three (3) years of FTE experience with configuration as code and infrastructure as code solutions such as Terraform, Ansible, PowershellDSC and GIT. minimum of seven (7) years of FTE network and encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP and public key infrastructure (PKI). minimum of five (5) years of FTE experience with scripting languages such as Python, PowerShell and bash. minimum of two (2) years of FTE experience in the use of threat intelligence services in a production environment minimum of five (5) years of FTE experience of a wide range of incident response, system configuration, vulnerability management and hardening guidelines. minimum of five (5) years of FTE experience problem-solving abilities to manage complex local and international security requirements. minimum of five (5) years of FTE experience collaborating with technical and non-technical teams to promote ideas to support business enablement. minimum of three (3) years of FTE experience with Microsoft EntraID (Azure AD), AWS IAM policies, and role-based access control (RBAC). minimum of three (3) years of FTE experience in automating security tasks through APIs and cloud automation frameworks. minimum of three (3) years of FTE experience integrating security into DevOps pipelines, using Infrastructure as Code (IaC) tools like Terraform, AWS CloudFormation, or Azure ARM templates. minimum of three (3) years of FTE experience with security frameworks (e.g., NIST, CSF, ISO 27000 series, MITRE, OWASP). minimum of three (3) years of FTE experience with Zero Trust security models and Identity and Access Management (IAM), including Multi-Factor Authentication (MFA) and Privileged Access Management (PAM). Current certification in a minimum of two (2) of the following: MS Cybersecurity Architect Expert, Azure Security Engineer Associate, AWS Certified Security, CompTIA Cloud +, CompTIA Security +, Certified Cloud Security Professional (CCSP), GIAC Cloud Security
utomation (GCSA)
About Us:
InterSources Inc. is a Small, Woman, and Minority-Owned Business Enterprise, ISO/IEC 27001, SOC 2 Type 2 certified company with massive 18+ years of diversified experience in providing IT Consulting Services, Artificial Intelligence, Data Analysis, Application Development, Cloud Services, Cybersecurity, Digital Marketing, ERP Management, Custom Software Development, Web Development, UI/ UX Design, System Integration, QA Support etc. We make reasonable accommodations for clients and employees, and we do not discriminate based on any protected attribute including race, religion, color, national origin, gender sexual orientation, gender identity, age, or marital status. We also are a Google Cloud and Oracle partner company.