Role: Lead Cloud Security (AWS/ Azure/ GCP)
Location: Dallas, TX / Mclean, VA OR 100 % Remote
Job Description:
- Cloud Security Expertise: Understanding of cloud security principles, best practices, and compliance frameworks (e.g., CIS, NIST, SOC2).
- Cloud Platform Knowledge: Proficiency in a cloud platform (AWS) and their security features.
- Security Orchestration, Automation, and Response (SOAR): Understanding of SOAR concepts and tools for automating security workflows.
- Cloud Account Management: Proficiency in managing cloud accounts, organizations, and IAM roles.
- Access Management: Understanding of RBAC principles and implementation.
- Experience with SSO implementations (e.g., Okta, ADFS) and integration with cloud platforms and SaaS applications.
- Project Management: Ability to manage projects with multiple stakeholders, timelines, and deliverables.
- Wiz Platform Expertise (Optional): Knowledge of Wiz platform capabilities, configuration, and administration
Key Responsibilities:
- CI/CD Integration: Design, implement, and maintain CI/CD pipelines with a focus on integrating Policy as Code (PaC) to ensure compliance and security.
- Policy Development and Management: Write, review, and maintain Rego policies, ensuring best practices such as modularity, clear metadata, and easy remediation.
- Custom Metadata and APIs: Develop and utilize APIs to pull in external custom metadata to enhance PaC rule testing.
- AWS Expertise: Leverage AWS services (IAM, EC2, Lambda, ECS, DynamoDB, RDS, S3, EBS) to build and maintain scalable and secure cloud infrastructure.
- Serverless Architecture: Implement and manage serverless functions in AWS to run Rego policies and other serverless solutions.
- Anomaly Detection: Develop and implement anomaly detection policies, e.g., identifying patterns such as VMs failing at specific times.
- Wiz Integration: Utilize Wiz for policy management, including writing custom Rego policies and adapting out-of-the-box policies to fit organizational needs.
- Automation and Testing: Implement automated testing frameworks (ATDDs) for Infrastructure as Code (IaC) using Terraform/CFT and ensure robust testing coverage.
- Observability and Troubleshooting: Utilize observability tools (Splunk, New Relic) and AWS native tools (CloudTrail, CloudWatch) for monitoring and troubleshooting.
- Collaboration and Mentoring: Work closely with other teams to promote best practices, mentor junior engineers, and facilitate knowledge sharing.
From:
Ravi,
Xforia
ravi.vr@xforia.com
Reply to: ravi.vr@xforia.com