EY GPS - Network Security Cloud Engineer Supervising Associate 

United States, Georgia 

446065729

Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements.

As the Network Security Engineer, you will focus on securing the cloud network infrastructure, ensuring compliance with security standards, detecting vulnerabilities, and responding to security incidents. You will be responsible for ensuring compliance with 800-53 and 800-171 security controls, maintaining FedRAMP and CMMC certifications and collaborating closely with Cloud Network Engineers.

In short, ensure the network infrastructure within our cloud is robust, secure, and compliant, while maintaining optimal performance and scalability.

Secure Network Architecture

Collaborate with the Cloud Network team and other stakeholders in configuring and securing the following:
• Designing secure and scalable network infrastructures in the cloud.
• Implementing secure Virtual Private Clouds (VPCs), subnets, and routing configurations.
• Managing and securing communication between on-premises and cloud environments (e.g., via VPNs, Direct Connect, or ExpressRoute).
• Configuring and managing security groups, firewalls, and access control lists (ACLs).
• Enforcingprinciples.
• Work with the Cloud Network Engineering teams to Implementing encryption for data in transit and at rest.
• Monitoring network traffic for anomalies or malicious activity.
• Setting up intrusion detection and prevention systems (IDS/IPS).
• Responding to network security incidents and performing root cause analysis.
• Work with the IAM team with implementing role-based access control (RBAC) for cloud network resources.
• Managing identity federation and secure access to cloud services.
• Ensuring least-privilege access for network users and services.
Automation and Infrastructure as Code (IaC)

• Automating network security configurations using tools like Azure devops, Bicep, Terraform, CloudFormation, or Ansible.
• Consult cloud engineering on security controls and collaborate on final product designs from a network security perspective.
• Validating secure configurations of IaC templates.

Compliance and Risk Management

• Ensuring compliance with regulations and standards (CMMC, FedRAMP).
• Conducting regular network security audits and risk assessments.

Securing Cloud-Specific Services

• Collaborate with the Cloud Network team and other stakeholders in configuring and securing the following:
• API Gateways, Load Balancers, and DNS services.
• Managing endpoint security for cloud-native services such as serverless functions or containers.
• Implementing DDoS protection mechanisms.

Continuous Monitoring and Reporting

• Leveraging cloud-native monitoring tools (e.g., AWS CloudWatch, Azure Monitor) for visibility into network health and security.
• Generating reports on network vulnerabilities, incidents, and performance metrics.

Collaboration

• Working with DevOps, security, and networking teams to design secure workflows.
• Advising stakeholders on best practices for cloud network security.
  

Skills and attributes for success

• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Detail-oriented and highly organized, with the ability to manage multiple tasks and priorities.
• Ability to work independently and as part of a team in a fast-paced environment.
• Strong documentation and reporting skills.
• Experience in implementation and managing of network security measures

To qualify for the role, you must have

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field or relevant experience
• Minimum of 5 years of experience in network security, with a focus on cloud environments, preferably Azure Cloud
• Experience working in Azure.gov space and managing multiple Azure Tenants
• Strong understanding of 800-53 and 800-171 security controls and compliance requirements
• Experience with FedRAMP and CMMC certification processes
• Knowledge of vulnerability detection tools and techniques
• Familiarity with security information and event management (SIEM) systems
• Experience with network security protocols and technologies (e.g., VPN, IDS/IPS, SSL/TLS)
• Ability to obtain and maintain a Top Secret Security Clearance

Ideally, you’ll also have

• Preferred proficiency in managing and configuring Azure network security technology resources (Azure FW, WAF, NSG)
• Knowledge of SIPR/NIPR, JWICS
• Relevant certifications such as Network+, CISSP, CISM, CEH, or Azure Security Engineer Associate are highly desirable
• Additional certifications in cloud security or network security are a plus

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.