23 May
AWS Security Engineer (Firewalls)-Telework available
Vacancy expired!
The responsibilities encompass collaborating with other DevOps and SysOps teams to transition public-facing, on-premise applications to the cloud; securing the configuration management of the cloud infrastructure; mitigating risks, and applying security controls to improve visibility and diagnostics in compliance with governing Federal requirements and security best practices.
- Developing and deploying infrastructure as code (IaC) scripts to implement and optimize security controls and mechanisms of a cloud infrastructure.
- Acting as the subject matter expert for cloud security and tools such as Security Information and Event Management (SIEM), access control mechanisms, Intrusion Detection and Intrusion Prevention Systems (IDS/IPS).
- Experience with Cisco ASA Firewalls or other firewalls/security devices(Juniper/Palo Alto) in an enterprise environment.
- Monitoring cloud infrastructure and pro-actively mitigate potential incidents before service degradation occurs.
- Providing guidance to our DevOps teams developing on public cloud platforms, advising on security standards for cloud deployment, and working to identify common patterns for template provisioning.
- Conducting assessments of security controls for new and existing cloud systems; creating and maintaining as-built system documentation, architecture diagrams, and online collaborative documentation.
- Determining security modes of operation and recommending new or revised security measures and countermeasures for current security challenges.
- Collaborating with team members to continue to evolve and implement a state-of-the-art secure cloud infrastructure.
- Minimum of 5+ years of directly relevant experience in system security administration. A Bachelor's degree in computer science, cyber security, engineering, or other related discipline would be viewed favorably but does not negate the minimum experience requirement.
- Experience in designing and implementing an enterprise-wide cloud security architecture.
- Proficiency with SIEM and vulnerability management solutions.
- Experience using common networking tools to aid in troubleshooting, including nmap, Wireshark, tcpdump, etc.
- Proficiency in one or more scripting languages: Python, Perl, PowerShell, or Bash.
- Proficiency with TCP/IP/UDP ports and protocols, IDS/IPS, Network Access Control List (NACL), Access Control Lists (ACL), and Security Group (SG) applications.
- CISSP certification or ability to obtain within first six months of employment.
- Strong written and verbal communications skills.
- Ability to obtain Level 2 Secret (ANACI) clearance if required.
- Creating and editing AWS Cloud Formation scripts.
- Securing and monitoring Kubernetes.
- Managing and monitoring a centralized AWS logging architecture (e.g., Splunk).
- AWS Certified Security - Specialty, ISC2, or Cloud Security Alliance.
Vacancy expired!