Challenge Accepted
Cloud Security Engineer
Location
Washington
Posted
75 days ago
Salary
0
Seniority
Senior
Job Description
Cloud Security Engineer
SOSi
• Implement and maintain cloud security frameworks, ensuring compliance with NIST 800-53 Rev. 5, FedRAMP, and DoD IL-4/IL-5 security mandates. • Configure and manage Identity and Access Management (IAM) solutions, role-based access controls (RBAC), and Zero Trust Architecture (ZTA) principles. • Conduct vulnerability assessments, security monitoring, and incident response within cloud environments. • Develop and maintain System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&M). • Provide the Cloud Security Compliance & Risk Report, ensuring all cloud-based operations remain in accordance with DoD security requirements.
Job Requirements
- Active Secret Clearance
- Bachelor's degree in Cybersecurity, Information Assurance, or a related field, OR five (5) years of equivalent experience in cloud security engineering.
- Demonstrated experience in implementing cloud security frameworks, configuring identity and access management (IAM) solutions, and conducting vulnerability assessments in cloud environments.
- Experience with SIEM tools, zero-trust architecture, and cloud security monitoring solutions is required.
- Possess the knowledge and capability to implement security controls and frameworks within cloud environments, ensuring compliance with NIST 800-53 Rev. 5, FedRAMP, and DoD IL 2, 4, and 5 security policies.
- Proficient in identity and access management (IAM), security monitoring, and cloud-native security solutions.
- Preferred Qualifications: Certifications include CISSP, AWS Certified Security – Specialty, or Microsoft Certified: Security, Compliance, and Identity Fundamentals.
Benefits
- Employees can work remotely
- All interested individuals will receive consideration and will not be discriminated against for any reason.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Staff Cloud Security Engineer
LastPassLastPass manages your passwords and online life, so you don’t have to.
• Collaborate closely with our DevOps, CI/CD engineers, and Architecture team • Implement and maintain security best practices across our infrastructure • Leverage your expertise in security architecture to help engineers build and securely operate products and services from the ground up • Assess, design, and implement security processes and controls to meet security, compliance, and audit requirements • Conduct proactive research to identify emerging threats and attack vectors • Collaborate within a highly agile product security team and across other cross-functional teams
Staff Cloud Security Engineer
LastPassLastPass manages your passwords and online life, so you don’t have to.
• Collaborate closely with DevOps, CI/CD engineers, and Architecture team to implement and maintain security best practices across our infrastructure. • Leverage your expertise in security architecture to help engineers build and securely operate products and services from the ground up • Assess, design, and implement security processes and controls to meet security, compliance, and audit requirements • Conduct proactive research to identify emerging threats and attack vectors • Collaborate within a highly agile product security team and across other cross-functional teams
• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), review their outputs, and assist the development team with remediation strategies. • Configure and manage security tools such as Checkmarx and leverage GitHub's native security features to scan vulnerabilities in the codebase and dependencies. • Ensure integration of security scans within our CI/CD pipelines to identify vulnerabilities early in the development process. • Implement and enforce security best practices for containerization within AWS ECS and ECR environments, focusing on secure configurations, image scanning, and robust access control measures. • Lead the coordination and management of vulnerability scanning and remediation efforts across the application stack, encompassing the codebase, containers, and AWS infrastructure. • Conduct thorough penetration testing on products and systems, including web applications and services, to identify and exploit security flaws. • Participate in triage calls with cross-functional teams and effectively communicate vulnerability details, risks, and potential impacts to stakeholders.
• leitest komplexe Projekte im Bereich Cybersecurity und IT-Risiken innerhalb eines internationalen Programms • bringst deine Expertise in Informationssicherheit ein und steuerst die Umsetzung sicherheitsrelevanter Anforderungen • koordinierst Ad-hoc-Anfragen und priorisierst Aufgaben zur Einhaltung von Projektzeitplänen • strukturierst Projekte und planst Ressourcen für eine erfolgreiche Umsetzung • überwachst IT- und Business-Projekte und stellst sicher, dass IT-Risiken und Sicherheitsaspekte berücksichtigt werden • steuerst die Zusammenarbeit zwischen verschiedenen Stakeholdern und förderst eine effektive Kommunikation • entwickelst kreative Lösungsansätze für komplexe Herausforderungen im Cybersecurity-Umfeld • kommunizierst Anforderungen und Änderungen im IT- und Cyber-Risiko-Referenzrahmen und integrierst diese in Projekte und Assets
