Cloud Security Engineer
Role details
Job location
Tech stack
Requirements
This role requires a highly skilled and experienced cloud security professional with a deep understanding of securing cloud workloads, tools, and services. A strong preference would be given to candidates with prior Zero Trust Network Access (ZTNA) principles and a proven track record of implementing and managing secure cloud environments across multiple platforms. The ideal candidate will possess a strong combination of technical expertise and operational leadership. A candidate that brings strong experience in GCP cloud services to the state's multi-cloud program would be desired. Technical Skills: Zero Trust Network Access (ZTNA):
- The candidate must have extensive experience in ZTNA engineering and automation, ensuring secure, scalable, and policy-driven access control.
- This includes architecting and approving ZTNA configurations, implementing identity-aware segmentation, enforcing least privilege access policies, and leading the transition from traditional VPNs to ZTNA solutions.
- A deep understanding of NIST 800-207 and Zero Trust Architecture best practices is essential, along with hands-on experience with ZTNA technologies, particularly Zscaler.
Cloud Platform Expertise:
- The candidate must demonstrate a comprehensive understanding of cloud security platforms and Infrastructure as A service (IAAS) solution providers like Google, Amazon, and Microsoft.
- This includes in-depth knowledge of each provider's security services (e.g., IAM, security centers, firewalls, key management, logging, and monitoring tools), as well as the ability to design and implement secure cloud architecture.
- The candidate should be well-versed in cloud-native security controls, security posture management (CSPM) tools, and best practices for ensuring compliance with relevant security frameworks (NIST, ISO, SOC 2).
Identity and Access Management (IAM):
- Working knowledge of IAM concepts and best practices is crucial, with specific experience in Okta preferred.
- The candidate should be proficient in implementing least privilege access controls, federation, single sign-on (SSO), and other IAM solutions across multiple cloud platforms.
Security Automation and Orchestration:
- The candidate should possess a strong understanding of automation pipelines and experience with scripting and automation tools such as Python, Terraform, CloudFormation, and Azure Resource Manager.
- The ability to automate security tasks and processes, as well as experience with Security Orchestration,
- Automation and Response (SOAR) platforms are highly desirable.
Security Monitoring and Incident Response:
- Experience with Security Information and Event Management (SIEM) logging and analysis is essential, along with an understanding of Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) concepts.
- The candidate must be capable of analyzing security logs and alerts, conducting threat hunting, and participating in incident response procedures and methodologies.
Security Policy, Compliance, and Governance:
- A working knowledge of current security policies, federal and state compliance regulations, and governance standards is necessary. The candidate should be able to implement security.
- controls to meet compliance requirements and have experience with cloud-specific compliance frameworks like FedRAMP.
Data Security:
- The candidate must demonstrate an understanding of data classification standards and experience with data loss prevention (DLP) configurations.
Network Security:
- A deep understanding of modern networking standards, including Zero Trust principles, is crucial.
- The candidate should have extensive experience with network security concepts and technologies, including firewall management, intrusion detection/prevention systems (IDS/IPS), network segmentation, VPNs, routing and switching protocols, network traffic analysis, and network security tools (e.g., Wireshark, tcpdump).
- Experience with Network Access Control (NAC), DNS security, load balancers, and web application firewalls (WAFs) is also highly desirable.
Endpoint Security:
- The candidate should possess an understanding of endpoint security concepts and technologies., Education and Certifications (Preferred):
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Relevant certifications (e.g., CISSP, CCSP, AWS Certified Security - Specialty, Google Cloud Certified Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate).
Experience Level:
- Minimum of 7-10 years of experience in information security, with a focus on cloud security and ZTNA.
- Significant experience with GCP, AWS, and/or Azure.
- Demonstrated experience in implementing and managing ZTNA solutions., * The candidate must have extensive experience in ZTNA engineering and automation,
- Experience with Security Information and Event Management (SIEM)
- The candidate must demonstrate an understanding of data classification standards and experience with data loss prevention (DLP) configurations.
- The candidate should possess an understanding of endpoint security concepts and technologies.
- Strong analytical and problem-solving skills are vital, along with the ability to think critically and strategically, anticipate security risks, and develop effective mitigation strategies.
Soft Skills & Experience: Leadership and Communication:
- The candidate should be able to lead and mentor junior security engineers, possess excellent communication and presentation skills, and effectively explain complex technical concepts to non-technical audiences.
Problem-Solving and Critical Thinking:
- Strong analytical and problem-solving skills are vital, along with the ability to think critically and strategically, anticipate security risks, and develop effective mitigation strategies.