Position Details Title: Cloud Security Engineer Location:Onsite 3 times a week, Houston, TX 77040 Duration:Fulltime permanent
Responsibilities: Enable and support BU/Corporate teams
First line of support for cloud security engineering, liaising with Security SMEs and teams
Quarterly review of legacy exceptions/controls and remedy in partnership with teams
Lights-on-Support: Manage incidents and problems in AWS and Azure
Monitoring, tracking, and advising teams on remediation of non-compliant resources identified by Turbot and other AWS-native tools such as Guard Duty, AWS Security Hub, and Azure Security Center
Offer consultancy as Cloud Security SME to BU/Corporate, focusing on security and resiliency
Automate processes
Automate security controls and allied activities
Identify manual controls and reports needing automation
Automate security-as-code with version control, change control, and roll-back capability
As a T-shaped resource, automate cloud services as needed
Automation on guardrail reporting and alerting to tech owners
Develop and maintain cloud security foundational services
Deploying Identity and Access Management systems to secure production and corporate access, such as: SSO, SAML
Extending and maintaining automated enforcement of security guardrails using Turbo to ensure compliance with TMHCC security policies.
Ensure logging and monitoring feeds and tools are in-place and functional (feeds to Sumo Logic and Security SIEM(LogRhythm currently)
Implementing and maintaining AWS platform integrations with security tools such as Qualys and Crowdstrike
Acting as a liaison between the Cloud Platform & Services team and the Security team (SOC) to assist with AWS-related security investigations, if needed
Harden configurations using standards such as the Center for Internet Security(CIS) security benchmarks for Docker, AWS Kubernetes, and others and keep software up to date
Use VeraCode Software Composition Analysis (SCA) to scan all container images, as well as dynamically and statically linked dependencies and nested dependencies, for known vulnerabilities and embedded secrets
Skillset and Experience Required:
Bachelor’s degree in computer science or other highly technical, scientific discipline
7 or more years' experience in Cyber/IT Security
Experience with compliance, or risk management
Hands-on experience with AWS cloud
Hands-on technical expertise in building security capabilities in code and deploying infrastructure in code
Understanding of Cloud Security across realms of Identity, Monitoring Auditing and Cryptography
Working knowledge or experience of information security within the enterprise
A strong grasp of Information Security and implemented processes to review IT infrastructure
Knowledge and experience with threat modeling and penetration testing, especially for web application and web APIs
Web security and compliance experience (e.g., Firewalls, IDS/IPS systems, DDOS prevention and PCI, HIPAA,FIPS, etc.)