Cloud Security Engineer

Cloud Security Engineer

Direct Hire; No C2C option

Location: Omaha, Nebraska; Option to work remotely with occasional travel as needed

Capstone IT is helping our client to hire an experienced Cloud Security Engineer that must provide a Cyber Security lens across all cloud-based disciplines such as design, development, platform & infrastructure, operations, run-time security configurations and monitoring, onboarding, and access controls to our cloud ecosystem.

This role will help torevolutionize consumer payments by creating a digital credit card services business and will the business deliver the speed and agility that digital-first fintech’s and API-driven brands need to drive loyalty and value through card payments.

This person will also be instrumental in the building, maintaining, upgrading, and continuously improving our cloud-based API Platform for our product suite across four pillars: credit card programs, account origination, account servicing, and account management.

As part of a larger product team, you will be expected to set security best practices for the DevSecOps engineering cloud environment, design and implement security solutions, contribute, and work closely with the API product architect, platform engineer and team lead engineers. The Cloud Security Engineer will own the security practices for design, development, deployment, and runtime of the cloud platform as well as hands on keyboard AWS Cloud implementation for the AWS platform of services and tools.

Role Duties:

• Work closely with team members (analysts, engineers, architect, product owner, testers) to achieve continuous improvement in cyber defense/resilience as it pertains to design, development, deployment, and runtime environment.
• Attend daily stand ups and scrum sessions working directly with the enablement point of deliver (POD) team using agile practices.
• Work with the product owner and lead engineer on establishing non-functional requirements for development and runtime solutions as it relates to security measures and features.
• Monitor, secure and protect the platform environments and our customer’s data.
• Research and maintain proficiency in tools, techniques, countermeasures, trends in vulnerabilities, and other security disciplines that will streamline and improve the security posture of cloud-native environments.
• Manage and execution of technologies and processes that affect assigned global information protection capability, such as issue identification and resolution, documentation, integration with other tools, gap resolution, gap assessment and continuous improvement of the capability.
• Keep infrastructure fresh and current, make recommendations and participate in the implementation and continuous improvement of technologies and services in the information security domain.
• Provide guidance on security strategies, processes, response and technologies to security operations, monitoring and to the tea
• development teams in implementing new features or resolving security issues.
• Provide security recommendations on platform, API and application design, development (e.g., coding), and deployment automations inclusive of security and vulnerability testing
• Responsible for automation of security controls and the development of specialized security tools (such as APIs) as needed to promote a culture of continuous improvement.
• Responsive to incident response tickets on security related incidents.
• Participate in the development of business cases and presentations on information security technologies of interest to the organization and product team.
• Counsel and mentor team members on information security controls.

Preferred Technical Qualifications:

• Experience with leveraging API Security capabilities in authentication, authorization, and accounting (AAA) frameworks to intelligently control access to resources and enforce policies by using industry standard protocols such as OAUTH2 and OpenID.
• Knowledge of financial services compliance requirements, such as GLBA and PCI/DSS.

Preferred Certifications:

• Application Security or DevSecOps certification
• Certified secure software lifecycle professional (CSSLP) certification OR combined with one of the following:
  • AWS Certified Solutions Architect
  • Microsoft MCSE Cloud Platform & Infrastructure
  • Google Professional Cloud Architect certification
  • Preferred experience - 3-5 years
  • Cloud environments, cyber security and establishing cloud security practices and standards o Cloud platforms & services such as AWS, Azure, or GCP
  • DevSecOps and supporting integration tools for monitoring, deployment, network segmentation and isolations, cloud security groups, test automation for security vulnerabilities, runtime threat detection, data aggregators and logging.
  • A variety of cloud platform components &services, applications, and tools such as service mesh, Kubernetes, API-Gateways, API Management, Identity Management and Access Management
  • Understanding of software architecture and secure data access and integration techniques such as Request/Response, Event-Driven/Streaming and Batch/ETL architectures.

Technology Stack / DevSecOps Tools:

• Experience using AWS “the platform” as well as a host of AWS Services within the AWS Marketplace as needed to build, support, operate and monitor the CaaS API Platform.
• Experience designing, building, and maintaining digital cloud native environments on AWS, which includes working with services like:
  • RDS
  • WAF/Shield or S3
• Experience using DevSecOps tools in an AWS cloud environment, such as:
  • Ansible/Python
  • Artifactory/Artifact Management or Docker
  • GitHub/GitLab
  • SonarQube/CodeQuality
  • Snyk/SAST Security Tool
  • Zap/DAST Security Tool
• As a special aside, an AWS engineer who works in DevSecOps should also have experience with the theory, concepts, and real-world application of Continuous Delivery (CD), which requires familiarity with tools like:
  • AWS Code Build/Code Deploy/Code Pipeline/AppRunner
  • Octopus Deploy
  • Ansible/Ansible Tower Experience using monitoring solutions like:
  • CloudWatch/X-Ray
  • ELK Stack
  • Prometheus/Grafana/Loki
  • New Relic/Datadog/App-Dynamic

• An understanding of writing Infrastructure-as-Code (IaC), using tools like:
  • AWSCDK
  • Cloud Formation or Terraform

Capstone Consulting is an EEO employer

Capstone website http://www.capstonec.com/

Like us on Facebook:

https://www.facebook.com/CapstoneITStaffingSolutions/

Follow us on Twitter:

https://twitter.com/capstone__IT/

Connect with us on LinkedIn:

https://linkedin.com/company/capstone-consulting/