Title: Lead Cloud Security (AWS/Azure/GCP) || Dallas, TX – McLean, VA or Remote

  • C2C
  • Anywhere

Role: Lead Cloud Security (AWS/Azure/GCP)

Location: Dallas, TX / McLean, VA or 100% Remote

Job Description:

  • Cloud Security Expertise: Understanding of cloud security principles, best practices, and compliance frameworks (e.g., CIS, NIST, SOC2).
  • Cloud Platform Knowledge: Proficiency in a cloud platform (AWS) and its security features.
  • Security Orchestration, Automation, and Response (SOAR): Understanding of SOAR concepts and tools for automating security workflows.
  • Cloud Account Management: Proficiency in managing cloud accounts, organizations, and IAM roles.
  • Access Management: Understanding of RBAC principles and implementation.
  • Experience with SSO implementations (e.g., Okta, ADFS) and integration with cloud platforms and SaaS applications.
  • Project Management: Ability to manage projects with multiple stakeholders, timelines, and deliverables.
  • Wiz Platform Expertise (Optional): Knowledge of Wiz platform capabilities, configuration, and administration.

Key Responsibilities:

  • CI/CD Integration: Design, implement, and maintain CI/CD pipelines with a focus on integrating Policy as Code (PaC) to ensure compliance and security.
  • Policy Development and Management: Write, review, and maintain Rego policies, ensuring best practices such as modularity, clear metadata, and easy remediation.
  • Custom Metadata and APIs: Develop and utilize APIs to pull in external custom metadata to enhance PaC rule testing.
  • AWS Expertise: Leverage AWS services (IAM, EC2, Lambda, ECS, DynamoDB, RDS, S3, EBS) to build and maintain scalable and secure cloud infrastructure.
  • Serverless Architecture: Implement and manage serverless functions in AWS to run Rego policies and other serverless solutions.
  • Anomaly Detection: Develop and implement anomaly detection policies, e.g., identifying patterns such as VMs failing at specific times.
  • Wiz Integration: Utilize Wiz for policy management, including writing custom Rego policies and adapting out-of-the-box policies to fit organizational needs.
  • Automation and Testing: Implement automated testing frameworks (ATDDs) for Infrastructure as Code (IaC) using Terraform/CFT and ensure robust testing coverage.
  • Observability and Troubleshooting: Utilize observability tools (Splunk, New Relic) and AWS native tools (CloudTrail, CloudWatch) for monitoring and troubleshooting.
  • Collaboration and Mentoring: Work closely with other teams to promote best practices, mentor junior engineers, and facilitate knowledge sharing.


From:
Ravi,
Xforia
ravi.vr@xforia.com
Reply to: ravi.vr@xforia.com