Job Type:
Full Time
General Description:
Works closely with internal software development teams and contractors to embed security and compliance into software applications and Infrastructure as Code (IaC) deployments. The primary goal is to streamline and align security processes across the Secure Software Development Lifecycle (SSDLC).
Essential Duties and Responsibilities:
- Ensure applications and software comply with legal, regulatory, and internal security standards.
- Collaborate with developers and DevOps engineers to implement security standards and benchmarks.
- Foster a culture of secure coding by building relationships with software architects and engineers.
- Develop and integrate secure design patterns, coding standards, and training into the development workflow.
- Implement and automate comprehensive application security testing, including code review, architecture review, threat modeling, and penetration testing.
- Other duties as requested.
Technical:
- Proficiency in programming languages such as .NET, C, Java, and JavaScript, along with secure coding best practices.
- Expertise in web API, web service, and web application security using risk-based approaches.
- Experience with REST, SOAP, or gRPC protocols.
- Hands-on experience with CI/CD and artifact-management tools such as GitLab, Jenkins, Nexus, Harness, and Artifactory.
- Familiarity with IaC and policy-as-code tools such as Terraform and Sentinel policies.
- Advanced knowledge of application security testing tools across the SAST, DAST, IAST, and SCA categories, plus related offensive tooling, including Burp Suite, AppScan, Veracode, Qualys WAS, HP WebInspect, Checkmarx, WhiteSource, browser DevTools, Fiddler, OWASP ZAP, Metasploit, BeEF, and SQLMap.
Security Integration and Automation:
- Strong experience in integrating security controls within the Software Development Lifecycle (SDLC).
- Practical knowledge of automating security controls within CI/CD pipelines is considered a plus.
- Familiarity with secure development frameworks and best practices such as OWASP, STRIDE, OCTAVE, BSIMM, and OpenSAMM.
- Understanding of encryption, hashing, key management, and secret management.
- Knowledge of authentication and authorization mechanisms, including Active Directory (LDAP and NTLM), OAuth, OpenID Connect, SAML, and JSON Web Tokens (JWT).
Education:
Bachelor's degree in Business Administration, Computer Science, Computer Engineering, Information Systems, or a related field.
Experience:
Ten or more (10+) years of proven, combined, progressive experience in software development and application security in a complex technological environment.
Certifications / Licenses:
Certifications are highly desirable but not required:
- AWS Certified DevOps Engineer and Microsoft AZ-400.
- Security certifications such as CISSP, CISM, CGEIT, GSEC, CASP+, CRISC, and CCSP.
Knowledge, Skills and Abilities (KSAs):
- Strong business acumen: ability to understand the needs and concerns of business stakeholders and colleagues and respond promptly and effectively to stakeholder requests. Ability to analyze work procedures and business results and recommend changes to improve the effectiveness of business management.
- Strong technical acumen: knowledge of software development, cyber security, information security, and information technology concepts. Strong knowledge of processes, controls, efficiency metrics, and reporting concepts. Ability to write technical instructions using programs and technology. Robust knowledge of applicable local and federal laws, regulations, and guidelines.
- Communication skills: effectively interact with internal and external stakeholders. Ability to foster trusting