Cloud Security Engineer

Job Summary: We are seeking a highly skilled Cloud Security Engineer to join our dynamic Security Operations team. In this role, you will be responsible for managing the security of our AWS public cloud infrastructure and AWS cloud services. You will play a crucial role in implementing and maintaining security controls to ensure compliance with FedRAMP and CMMC standards. This is an excellent opportunity for someone with a strong background in cloud security who is passionate about safeguarding critical systems and data.

Responsibilities:

• · AWS Security Management. Oversee and manage the security posture of AWS cloud infrastructure, including EC2, S3, FSX, and other AWS services. Implement and manage AWS security features and tools such as IAM, Security Groups, VPC, Control Tower, CloudTrail and AWS Security Hub.
• · SIEM Integration. Work with SIEM solution provider in integrating security events from AWS CloudTrail, AWS Security Hub, or other AWS security services into the SIEM for event correlation and incident management purposes. 
• · Vulnerability Management. Conduct regular security assessments, audits, and vulnerability scans of AWS environments to identify and address potential risks. Leverage AWS security advisory services and vulnerability scanning tools.
• · Compliance & Risk Management. Develop and enforce security policies and procedures to maintain FedRAMP and CMMC compliance within AWS environments. Collaborate with internal teams to ensure that all cloud deployments adhere to regulatory and compliance requirements. Prepare, manage, and present evidence for audits, compliance reviews, and certifications.
• · Security Controls Implementation. Design, implement, and monitor security controls to protect AWS resources and sensitive data where needed. Utilize AWS security best practices to configure and manage encryption, access controls, and network security measures. 
• · Infrastructure Hardening. Work with DevOps and Operations teams in hardening EC2 servers and other AWS services following industry benchmarks such as CIS.  
• · Collaboration and Training. Work in close collaboration with DevOps and Operations teams to integrate security practices into the development and deployment processes. Provide guidance and training to team members on AWS security practices and FedRAMP/CMMC compliance requirements.
• · Attack Surface Management. Provide regularly scanning and information gathering on Internet provided services to identify any exposures of sensitive information or vulnerabilities available to potential attackers.
• · Threat Hunting. Proactive review of logs, security alerts, and actively scanning and monitoring to discover any potential threat actors or security risks in the AWS environments.
• · Incident Detection & Response. Work in collaboration with 3rd party SOC services for security monitoring and reviewing any suspicious activity or incidents raised by SOC teams. Assist in the containment, response and remediation efforts for any confirmed security incidents within AWS infrastructure. Escalate security incidents following the company’s Incident Response Plan.
• Security Threat Research. Leverage industry resources to stay current on evolving threats and security risks related to AWS public cloud services. 

Minimum Qualifications and Education Requirements:

• Certifications:  AWS Security Specialist certification
• Education:   Bachelor's degree in IT, or equivalent experience in a related field.
• Experience: Minimum of 3-5 years of experience in a cloud security role
• Skills:
  • Proficiency with security tools such as Tenable Nessus and technologies related to AWS cloud environments.
  • Strong problem-solving skills and the ability to respond effectively to security incidents.
  • Excellent communication skills with the ability to convey complex security concepts to both technical and non-technical stakeholders.

Preferred Requirements:

• Certifications:  Other relevant security certifications (e.g., CISSP, CISM, CISA) are a plus.
• Comp:  Experience and strong understanding of NIST 800-53 security standards
• DevOps & Scripting Skills: Experience with AWS CLI, Terraform or other DevOps tools

Job Requirements:

• Proven expertise in cloud security best practices, threat modeling, and risk management.
• Demonstrated experience implementing and maintaining FedRAMP and CMMC compliance within cloud environments.
• Strong understanding of AWS security services and features, including IAM, KMS, CloudTrail, and Security Hub.
• Ability to work under minimal supervision and under your own initiative.
• Ability to collaborate with other teams across multiple time zones and geographies.
• Occasionally  working evenings or weekends as required for scheduled or emergency maintenance.