Educology Solutions
Senior Cloud Security Engineer
Educology Solutions, Washington, District of Columbia, us, 20022
ESI is seeking a Senior Cloud Security Engineer to support work one of our customers.
Duties & Responsibilities
Deployment and ongoing maintenance of the AWS cloud security controls, as established by HBX.Identifying, deploying, and maintaining necessary cloud security controls; and ensure secure operation and maintenance of HBX 's AWS environment(s).Source-to-image container-based deployment model managementImage-stream container management - e.g. ensuring changes in the base image trigger an image rebuildAutomated CI pipeline management, Management of automated security scans, especially while building container imagesSupporting, creating, and managing cloud infrastructure through infrastructureas-code (IaC)Support gitops operational model. Infrastructure management by pull-requestsSupport deployment to multiple container-based cluster orchestration frameworksSupport applying business security rules through automated "operator agent"Support cloud native, container networking interfaceSupport for container network level isolationSupport for zero downtime scaling and upgradesSupport for backups of all stateful components, ability to restore with few minutes granularitySupport for storing all secrets in cloud-native KMS storesSupport auditing mode to view infrastructure divergenceMigrating production environment with zero downtimeSupport for automated approval based continuous deployment (CD)Support for chaos operations model to ensure robustnessMutual TLS across all container communications in the clusterFull dashboard visibility on the clusterSupport for automatic graphing of network communication patterns and dependenciesSupport for service mesh networking modelSupport for read-write-many distributed storage cluster-wideSupport for disaster recovery in a different cloud region (RTO/RPO 1hour)Management & Analysis of Security of Logs: support HBX IT staff to monitor and conduct in-depth analysis of logs, and work with HBX Privacy Officer to manage incident response in the event of a breach involving any HBX-managed data. Includes maintenance of centralized repository of log collection and analysis. All logs shall be monitored constantly to identify any potential threats/vulnerabilities.Qualifications:
Five years' experience in the following areas or with the following tools: • IT security, with a focus on designing and implementing security architectures for cloud environments. • Proficiency with AWS Cloud Platform. Deep understanding of cloud security best practices and technologies. • Security Technologies, including firewalls, VPNs, IDS/IPS, WAFs, SIEM, and endpoint security solutions. • Encryption, Amazon Cognito, AWS Security Hub, Amazon GuardDuty, Amazon Inspector (2) Familiarity with industry standards and regulations such as NIST, HIPAA, and SOC 2. Experience in conducting security assessments and audits. (3) Demonstrated problem-solving skills; excellent verbal and written communication skills, including the ability to explain complex security concepts to non-technical stakeholders; demonstrated ability to work effectively with cross-functional teams.Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.AWS Certified Security Certification - Specialty, earned in the past 5 years THIS IS REQUIREDCertifications in the any of the following are strongly preferred : Certified Information Systems Security Professional (CISSP) • Certified Cloud Security Professional (CCSP) • Certified Information Security Manager (CISM) • Certified Information Systems Auditor (CISA)
Duties & Responsibilities
Deployment and ongoing maintenance of the AWS cloud security controls, as established by HBX.Identifying, deploying, and maintaining necessary cloud security controls; and ensure secure operation and maintenance of HBX 's AWS environment(s).Source-to-image container-based deployment model managementImage-stream container management - e.g. ensuring changes in the base image trigger an image rebuildAutomated CI pipeline management, Management of automated security scans, especially while building container imagesSupporting, creating, and managing cloud infrastructure through infrastructureas-code (IaC)Support gitops operational model. Infrastructure management by pull-requestsSupport deployment to multiple container-based cluster orchestration frameworksSupport applying business security rules through automated "operator agent"Support cloud native, container networking interfaceSupport for container network level isolationSupport for zero downtime scaling and upgradesSupport for backups of all stateful components, ability to restore with few minutes granularitySupport for storing all secrets in cloud-native KMS storesSupport auditing mode to view infrastructure divergenceMigrating production environment with zero downtimeSupport for automated approval based continuous deployment (CD)Support for chaos operations model to ensure robustnessMutual TLS across all container communications in the clusterFull dashboard visibility on the clusterSupport for automatic graphing of network communication patterns and dependenciesSupport for service mesh networking modelSupport for read-write-many distributed storage cluster-wideSupport for disaster recovery in a different cloud region (RTO/RPO 1hour)Management & Analysis of Security of Logs: support HBX IT staff to monitor and conduct in-depth analysis of logs, and work with HBX Privacy Officer to manage incident response in the event of a breach involving any HBX-managed data. Includes maintenance of centralized repository of log collection and analysis. All logs shall be monitored constantly to identify any potential threats/vulnerabilities.Qualifications:
Five years' experience in the following areas or with the following tools: • IT security, with a focus on designing and implementing security architectures for cloud environments. • Proficiency with AWS Cloud Platform. Deep understanding of cloud security best practices and technologies. • Security Technologies, including firewalls, VPNs, IDS/IPS, WAFs, SIEM, and endpoint security solutions. • Encryption, Amazon Cognito, AWS Security Hub, Amazon GuardDuty, Amazon Inspector (2) Familiarity with industry standards and regulations such as NIST, HIPAA, and SOC 2. Experience in conducting security assessments and audits. (3) Demonstrated problem-solving skills; excellent verbal and written communication skills, including the ability to explain complex security concepts to non-technical stakeholders; demonstrated ability to work effectively with cross-functional teams.Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.AWS Certified Security Certification - Specialty, earned in the past 5 years THIS IS REQUIREDCertifications in the any of the following are strongly preferred : Certified Information Systems Security Professional (CISSP) • Certified Cloud Security Professional (CCSP) • Certified Information Security Manager (CISM) • Certified Information Systems Auditor (CISA)