Cloud Security Engineer + 100% Remote + 8 month contract(+extension)
The client is a systematic investment firm that values diversity and inclusion within the workplace. The client manages global equity portfolios for institutional investors around the world.
This is a senior, hands-on, technical AWS security and development operations engineer role, working with our infrastructure/DevOps team and responsible for driving IT Cloud transformation and implementation. The Engineer will ensure that security is defined and implemented. This role will help drive architecture principles and best practices to be leveraged across the organization. A main focus for this position will be to design, implement, integrate and maintain all aspects of IT security.
This transformation (managed collectively by the team) will include:
* Identification of the use-case to consume Public Cloud based on defined pillars.
* Identification and containerization (Docker/K8S stack) of the applications that will require scalability, elasticity, and fast provisioning.
* CI/CD and Blue Green deployment approach.
* Integration of APIs into infrastructure to serve CI/CD deployment.
* Drive and support AWS Cloud IT security strategy.
* Design, drive and roll out:
  * AWS Services Sandbox environments required for AWS training and services exploration for research and developer groups.
  * IT Security controls necessary for each new AWS service to be deployed, either within AWS Service Catalog or as native deployments.
  * IT Security controls necessary for AWS multi-account management automation stacks.
* Collaborate with the Network Engineering and Cyber Security teams to integrate AWS Cloud designs, initiatives and controls into other platforms and workflows.
* Provide exceptional AWS Cloud security expertise at a very technical level, focusing on design, engineering and operational support towards the successful delivery of the IT transformation.
* Participate in deep Cloud architectural discussions and drive topics, directions and problem-solving outcomes to ensure solutions are designed for successful security controls for Cloud technologies: AWS public/private cloud, SaaS solutions and on-prem.
* Build and maintain effective partnerships with key cross-functional leaders and team members.
* Provide transversal leadership; the ability to federate is key for the Scrum Cloud team in conjunction with the IT Security chapter.
* Educate and coach project team members, sponsors, and functional leaders on Cloud security aspects and their roles in effective change.
* Facilitate and advance high level strategic decision-making through detailed analyses and material preparations.
* Recommend appropriate new or revised process management tools and practices surrounding the IT Cloud Security.
* Design, guide and support multiple security Cloud work stream leads through the design and implementation of targeted change strategies including:
  * Identification of change impacts to people, process, policy, structure, stakeholder identification & alignment, appropriate communication & feedback loops, success measures, training, organizational readiness, and long-term sustainability.
* Bachelor's degree in Computer Engineering or related field; at least 7 years of prior experience, financial services exposure is a plus. Master's in Computer Engineering preferred.
* Proven, relevant experience securing AWS Cloud for a firm.
* Experience evaluating the pros and cons of each security tool provided by AWS. This experience must have involved automation (Python).
* Proven record of building DevSecOps APIs to support an "Infra As Code" approach in a CI/CD context. Solid experience with Python/Flask-RESTPlus/Swagger and CI/CD/Blue-Green deployment (Git/GitLab/GitLab CI).
* Experience with securing Docker containers and Kubernetes stacks.
* Experience working in Python / Boto3 on a daily basis.
* Experience working in Kanban or Agile Scrum sprint.
* Strong motivation to enhance cyber security controls and processes.
* Strong passion for technology, a willingness to learn new skills and the ability to evangelize.
* Self-motivated and self-directed; must possess the ability to translate technical direction into functional solutions.
* Ability to work effectively while managing multiple priorities and collaborating with cross-functional teams.
* Proven ability to investigate complex issues spanning multiple technologies and driving resolutions to completion.
* Ability to work with vendors, management, and staff at all levels within an organization.
* Complete understanding of AWS Cyber Security services and platforms, including but not limited to: GuardDuty, Inspector, AWS Config, Tower, Detective, Security Hub, Macie, CloudWatch, CloudTrail and STS.
* Complete understanding of AWS access control methods and options including, but not limited to: KMS, IAM, bucket policies, permission boundaries, SCP and Organizations.
* Complete understanding of AWS Networking components including, but not limited to: Transit Gateways, VPC, API/HTTP Proxy and Bastions.
* Complete understanding of, and ability to automate and integrate, services and applications including, but not limited to: Lambda functions, CloudFormation and post-scripting with the concept of "least privileged" access controls.
* Understanding of MITRE ATT&CK framework techniques and methodologies and how those pertain to the team's cloud design and provisioning.