AWS Cloud Security Engineer


This is a Full-time position in McLean, VA posted July 11, 2021.

The AWS Cloud Security Technical SME is responsible for the analysis, evaluation, and execution of an ideal application security offering that integrates development activities, information security, and the automated release methods within the CI/CD pipeline. Ultimately, the successful candidate has a strong sense of development lifecycles and information security.

Responsibilities

From an Information Security interest, this role is expected to fully grasp the concepts behind security controls and how they apply to application development, secure infrastructure, and CI/CD environments. This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery and minimal overhead.

Other key responsibilities include:

- Critical thinking and analysis in the security discipline space is essential, as this role will take the approach of identifying root cause of information security exposure across the enterprise, with or without obvious indicators of exposure.
- Partnering with teams across the IT organization and helping to influence decisions which lead to a high standard of security.
- The secure design, architecture, and implementation of new applications. This includes secure software development lifecycle (SDLC) practices which incorporate threat modeling and security testing.
- Define and publish Application Security standards in a practical and consumable format. Ensure compliance with applicable security controls when writing such standards. Present recommendations for review and validation with VP and CISO.
- Conducting technology research for innovation, continuous improvement, and knowledge sharing for the Application Security space. Develops a subset of the technology strategy as a result of this research.
- Teach, enable, and advocate key Architecture and Technical principles and implementation across all engineers inside the Product Engineering Organization.
- Organizing training to improve employees' knowledge and skills for future organizational growth as it relates to Architecture principles and standards.
- Assist in the development of training for all personnel related to the Application Security space.
- Contribute to talent acquisition and upskilling in area of expertise.

Qualifications

As the focal person for Cloud Security, the individual will have robust training, experience, and background in both Information Security and the Application Development lifecycles/approaches/languages and tools.

Qualifications include:

- Bachelor's Degree in Computer Science (related) or equivalent experience as a hands-on AWS Cloud security architect/senior security engineer.
- Previous experience in defining organization-wide security processes and methodologies, a proven leadership/influence style, customer-service oriented demeanor, problem-solving, effective reporting via metrics and indicators, and strong communications are all essential to this function.
- Manage full application stacks from the OS through custom applications using Amazon cloud-based computing environments.
- Work closely with the architect and engineers to design networks, systems, and storage environments that effectively reflect business needs, security requirements, and service level requirements.
- 10+ years of IT Security Experience.
- Industry certifications are a plus (i.e. CISSP, CEH, GPEN, etc.).
- Highly technical and analytical expertise, with a proven deep background in security technology design, implementation, and delivery. This individual must be comfortable providing metrics, analysis, and quantitative/qualitative evidence when necessary to drive a security outcome.
- The ability to code is a mandatory skill (this qualification is non-negotiable). Of particular importance is the ability to work with Delivery Infrastructure coding (e.g. Terraform, other required scripting such as Python), along with languages such as Java and Kotlin.
- A comprehensive understanding of typical exploits and associated implications is essential to ensure observations and findings can be not only remediated but treated in accordance with the risk-ranked potential impact.
- Understanding of frameworks such as MITRE ATT&CK and OWASP ASVS. Understand how to implement these into an Application Security program and assess the application threat landscape. Be able to use these frameworks in communication with stakeholders.
- Ability to identify appropriate findings in vulnerability scan results and communicate with development teams on how to best remediate.
- Understand Authorization Policy as Code practices and be able to "write" such policy as code.
- Possess the knowledge and ability to create Security Automations on AWS.
- Understand OIDC/OAuth/SAML architecture and use patterns.
- Demonstrated understanding of good software design/architecture principles.
- Demonstrated coaching/teaching skills for small teams and individuals.
- Ability to create training plans and materials for technical people.
- Strong quantitative, analytical, problem-solving skills, including the ability to accumulate, organize and assimilate large amounts of information.
- Ability to work independently, plan, and prioritize work to meet commitments aligned with organizational goals.
- Ability to lead/co-lead Risk Assessments and Security Reviews.
- Ability to lead the technical aspects of an Incident Response.
- Experience designing and building web application environments on AWS, including services such as EC2, S3, ELB, RDS, etc.
- Experience with DevOps tools such as Jenkins, Maven, GitHub, Ansible, Artifactory, SonarQube in a cloud environment.
- Experience with Linux and Windows Server system administration.
- Experience with installing and configuring application servers such as WebLogic, JBoss and Tomcat.
- Ability to create and utilize AWS CloudFormation templates to automate creation of AWS images.
- Proficient in developing scripts and scripting languages.
- A team player capable of high performance, flexibility in a dynamic working environment and the ability to lead.
- Skill and ability to train others on technical and procedural topics.

Additional

The AWS Cloud Lead will engage with Engineering leaders, Architects, Administrators, Engineers, Project and Program managers to educate, coach, advise, and improve the skills of people across the organization.

- AWS Certified Solutions Architect Associate preferred.
- AWS Certified Solutions Architect Professional preferred.
- Experience with technologies to include AWS, Linux, and Puppet.
- 3 to 5 years of demonstrated experience in designing and developing complex distributed IT solutions (e.g. cloud, distributed systems or high-performance computing experience).
- Usually functions with high autonomy; requires occasional guidance.
- Requires a high level of initiative.
- Provides technical guidance and consultation to other architects and engineers.
- Informs better decision making at all levels of the technology organization.
- Reports directly to the VP in the Security and IT Organization.
- Demonstrated experience with geographically distributed teams in a matrixed environment.

Additional insights, experience or background in any of the following are also of great value: NIST, ISO 27001, Java Development, Kotlin, Static Code Analysis, Dynamic Code Analysis, Penetration Testing and Vulnerability Scanning, AWS, Containers and Micro-Services, CI/CD Pipelines, Agile, Sprints Scrum Masters, GitHub, Black Duck.