We are looking for a Cloud Security Engineer who specializes in Amazon Web Services (AWS) environments to participate in a multidisciplinary information security team. The right individual will directly contribute to the execution of the firm’s technology transformation strategy, cloud architecture and assist in the design and implementation of security controls around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). What you’ll do Develop Cloud Security Controls Framework aligned to security frameworks CSA, CIS and NIST for multi-cloud environment. Design and develop security architectures for cloud and cloud/hybrid-based systems. Possess a firm understanding of the offerings within AWS platforms. Designing and Developing Cloud-specific security policies, standards and procedures e.g. Identity and Access Management (SSO, SAML), and Privilege Management, Firewall management, SSL/IPSec, Encryption Key Management (BYOK), Security incident and event management (SIEM), Data protection (DLP, encryption), Vulnerability Management in partnership with Infrastructure Services, and Application Development. Performing Cloud Security Assessments of Cloud platforms/environments using industry standard frameworks such as ISO, CSA-CSM and NIST. Executing on Cloud security engagements during different phases of the lifecycle assess, design, and implementation. Troubleshooting and resolving complex security issues in AWS, applying fundamental systems security understanding, skills, expertise, and experience to support the planning, design, development, and implementation of complex systems Ensuring that relevant threat and vulnerability data is considered in support of security-relevant decisions. Providing input to analyses of alternatives and to requirements, engineering, and risk trade-off analyses to achieve a cost-effective security architectural design for protections that enable mission/business success. Providing the evidence necessary to support assurance claims and to substantiate the determination that the system is sufficiently trustworthy; and Conducting security risk management activities, producing related security risk management information, and advising the engineering team and key stakeholders on the security-relevant impact of threats and vulnerabilities to the mission/business supported by the system. What you’ll need The ideal candidate will have a strong foundation across Amazon Web Services (AWS), AWS security capabilities and the ability to communicate security and risk-related concepts to key stakeholders along with experience with the following AWS services including but not limited to IAM Detective & GuardDuty, Security Hub CloudTrail, CloudWatch, CloudFormation Key Management Service EC2, S3, RDS, VPC, Route 53 Identity and Access Management principals, including B2B and B2C cloud design and implementation Securing network and enterprise cloud applications Privileged access management technologies Strong understanding of security best practices and security frameworks, such as ISO/IEC 27001, NIST CSF, NIST 800-53 or OWASP Knowledge of host hardening, auditing, logging and monitoring, network security, SEIM deployments, security analytics, anomaly detections, PKI Market understanding of industry trends for cybersecurity, risk & threat intelligence, and governance Proven implementation of cloud security models, particularly identity, network, and encryption Demonstrated understanding of Microsoft security technologies and strategy Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments Experience with Infrastructure as Code Automation (e.g. Ansible) and Automation Skills (PowerShell and/or Python, Java, or a similar language) Experience with perimeter security and firewall technologies (Cisco, Fortinet) preferred. Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies Understanding of firewall concepts, security defense-in-depth, and the risk-based approach to security IT Systems Architecture/Infrastructure knowledge Experience supporting large and complex geographically distributed enterprise environments with 1000 users Education and Experience Bachelor’s degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Computer/Data Systems Management or a related field or discipline is preferred but not required.