Expoint - all jobs in one place

מציאת משרת הייטק בחברות הטובות ביותר מעולם לא הייתה קלה יותר

Limitless High-tech career opportunities - Expoint

Bank Of America Senior Cybersecurity Engineer – Cloud Field Engineering 
United States, Colorado, Denver 
86087918

20.12.2024

Job Description:

Job Description:

Key Responsibilities:

  • Threat Modeling & Risk Assessment: Conduct threat modeling and risk assessments to identify potential vulnerabilities in cloud environments and develop strategies to mitigate these risks.
  • Design & Implementation: Develop and integrate security controls as code across multiple cloud platforms (e.g., AWS, Azure, GCP) to ensure the security and compliance of cloud infrastructure.
  • Build Controls: Automate security processes and controls, leveraging Infrastructure as Code (IaC) tools (e.g., Terraform) to embed security at every stage of the cloud lifecycle.
  • Delivery Controls: Create rules scanning of Infrastructure as Code at deployment to prevent non-Compliant code from creating Cloud Resources.
  • Runtime Controls: Automate the detection and remediation of Non-Compliant Cloud Resources moving them back to a known good state without the need for human interaction.
  • Compliance & Governance: Demonstrate that our cloud environments comply with internal control requirements and regulatory obligations, with robust reporting and dashboards.
  • Advocacy: Communicate the possibilities the Cloud Provides for Cybersecurity vision and roadmap to stakeholders and the team and drive user adoption.
  • Collaboration: Work closely with DevOps, engineering, and IT teams to integrate security best practices into CI/CD pipelines, ensuring secure and efficient deployment processes.
  • Documentation: Maintain comprehensive documentation of security controls, policies, and procedures for cloud environments.

Experience & Qualifications:

  • Experience: Significant experience in cybersecurity across multiple domains, with a strong focus on cloud security and integrating controls as code.
  • Technical Expertise: Deep knowledge of cloud platforms (AWS, Azure, GCP) and significant experience building and operating cloud-native security tools and services.
  • Programming & Scripting: Proficiency in programming and scripting languages (e.g., Python, Go, Shell) used for automation and security integration.
  • Infrastructure as Code (IaC): Significant Hands-on experience building Cloud Services with IaC tools such as Terraform, CloudFormation, or similar.
  • Security Frameworks: Familiarity with security frameworks and standards (e.g., NIST, CIS, ISO) and their application in cloud environments.
  • DevSecOps: Strong understanding of DevSecOps principles and experience integrating security into CI/CD pipelines and operational processes.
  • Problem-Solving: Excellent problem-solving skills, with the ability to think critically and adapt to new challenges and communicate insights in simple terms.
  • Communication: Strong written and verbal communication skills, with the ability influence at all levels by explain complex security concepts to non-technical stakeholders.
  • Certifications: Relevant certifications such as CISSP, CCSP, AWS Solutions Architect; AWS Security Specialty AWS Certified Security; Azure Developer Associate & Azure Security Engineer Associate

Skills:

  • Planful: Thoughtfully setting, proactively managing, and predictably achieving commitments through strategy, process, communication, and delivery.
  • Ownership: Acceptance of full responsibility for delivery outcome – “buck stops here” mentality. And collaboratively addressing problems as they arise.
  • Connected: Clear orientation and understanding of where you, your team, your work/priorities join with others in a common goal.
  • Consistency: Drive toward and adoption of logical, efficient, and sustainable processes and tools to achieve predictable results.
  • Accuracy: Achieving business value (as agreed with key stakeholders and control partners) within defined tolerance across measurable parameters (scope, schedule, cost).
  • Influence
  • Result Orientation
  • Solution Design
  • Stakeholder Management

This job will be open and accepting applications for a minimum of seven days from the date it was posted.

1st shift (United States of America)