This company is looking for a staff level engineer to build & deploy security infrastructure and automate security operations for customers. This company has 20+ years experience within Financial Services, across Wealth Management, Asset Management, Insurance, and Banking. This position is 100% remote! Salary range of 140-160k
* Technical expertise in building security capabilities in code and deploying infrastructure in code
* Implementation experience with enterprise security solutions such as WAF, IPS, Anti-DDOS, and SIEM
* Experience with Chef, Puppet, Salt, or Ansible in production environments at scale
Example of tasks to be performed
* Configure Identity Provider
* Route 53 Resolver Query Logging to S3
* Create/Use CMK in each account that becomes the default CMK
* Create "Security Service" KMS keys for each account to support encrypted storage and transmission operations such as SSM Sessions, CloudWatch Log groups,
* Credential Protection/Storage: Vault is the standard today (Issuing)
* Implement EBS encryption default enabled in each account/region upon creation
* Support of Tokenization mechanism (likely minimal Cloud Infrastructure impacts)
* Support of Payment HSM mechanism (likely minimal Cloud Infrastructure impacts)
* Implement event-based automation of Enterprise Support enrollment for new accounts.
* IR IAM Roles in Every Account - Alert to GSOC when IR role is used.
* Enable GuardDuty, AWS Config, and Security Hub in each account, centralized results.
* Enable Amazon Macie in for non-PCI accounts, centralized results