Cloud Security Engineer Ii, Iii, Or Sr (Depending On Experience)

Company Description

This position is eligible to work remotely if the candidate lives outside of Colorado in the following states: AR, IL, ID, FL, TN, OK, MO. Candidates residing outside of these states will not be eligible for remote work. 

Ent Credit Union exists to improve the financial quality of life of the people we serve. This mission drives us every day, but we are more than our mission. We're also individuals using our unique abilities to make our organization, and the communities we serve, better than they were yesterday. We're a not-for-profit that puts people above profits and actively invests in our community. Our rapidly growing team is expanding our reach to serve more people throughout Colorado. To spread our mission far and wide, we need people like you. If you're interested in a paycheck with a purpose, apply with us today. Our people make the difference, and we truly believe you are our greatest asset.

Job Description

As a part of the agile cross-function team, the Cloud Security Engineer is responsible for ensuring the security and compliance of cloud-based systems within the Azure platform. Their role includes designing, implementing, and maintaining security measures, conducting risk assessments, creating and managing security policies, automating security processes, monitoring threats, and addressing security incidents. They work to safeguard data, applications, and infrastructure in Azure, staying current with security best practices and evolving threats to maintain a secure cloud environment. As the primary security role on Ent's Cloud Team, the Security Engineer II will work directly with other Cloud team members in CloudOps and DevOps to ensure secure access and use of cloud resources in our Azure environment. Additionally, this role is a key member of our Security Program and will seek guidance from our Security Architect and partner with our other security domains. The Cloud Security Engineer will also work across various IT teams to support their Cloud Security needs and ensure best practices related to Cloud Security operations and engineering.
Essential Functions

• Cloud Security: Implement, maintain, and enhance the security posture of Ent's cloud platform. Create and manage identity access controls, policies, and configuration to ensure proper authentication and authorization using Privilege Identity Management (PIM) and application registrations. Ensure the protection of cloud assets, i. e. , data, applications, services, infrastructure, and networks. Perform routine permission reviews of access, role, and managed identities. Perform and maintain Cloud Security risk assessments for new and existing cloud resources. Define, implement, and maintain Azure Policy to enforce governance and security controls.
• Automation & Release Management: Create and apply DevSecOps best practices and processes to create security-focused efficiencies through automation. Develop and maintain automation policies for compliance and security configurations. Review and approve releases and PRs requiring security approval for the cloud team.
• Monitoring & Alerting: Identify and remediate vulnerabilities using standard security tools and establish security baselines. Design and implement platform security monitoring technologies, i. e. , Azure Monitor, diagnostic logging and log retention settings, log analytic workspaces, create and customize Defender and Azure monitor alerts. Review Azure DevOps deployment and Infrastructure as Code (IaC) template security. Maintain Azure Policy and Secure Score exceptions list. Review Defender Secure Score compliance reports and address issues. Document exceptions for Defender for Cloud alerts.
• Security Program & Cloud Team Collaboration: Daily work in an Agile team with CloudOps, DevOps, and Agile practice team members to address security concerns Drive and automate security operations in partnership with DevOps engineers. Work closely with the Cloud Platform Manager and Security Architect to support Ent's security program roadmap related to our Azure cloud platform and tools. Works closely with the Security Architect to implement a defense-in-depth approach using best practices that provide multiple security controls and mechanisms to protect an organization's IT systems and data. Collaborate with other security roles within Ent's federated security program to support our cybersecurity center of excellence.
• Research and Security Vigilance: Research native security features for improved monitoring. Perform third-party vendor review. Review new resource types and capabilities to understand associated security risks. Research Security Orchestration, Automation, and Response (SOAR) capabilities. Proactively engage in threat hunting and modeling.
• Bank Secrecy Act: Remains cognizant of and adheres to Ent policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Qualifications

Minimum Formal Qualifications for Cloud Security Engineer II

• Bachelor's Degree in Computer Science, Information Technology, or related field
• 2+ years' overall experience working in a dedicated technical Cloud Security role

Minimum Formal Qualifications for Cloud Security Engineer III:

• Bachelor's Degree in Computer Science, Information Technology, or related field
• 4+ years' overall experience working in a dedicated Cloud Security role

Minimum Formal Qualifications for Cloud Security Engineer Sr:

• Bachelor's Degree in Computer Science, Information Technology, or related field
• 6+ years' overall experience working in a dedicated Cloud Security role

Each year of relevant work experience may be exchanged for a year in a relevant degree program or vice versa. For example, a requirement of a bachelor's degree in accounting and 2+ years of account experience could be substituted for a high school diploma and 6 years of relevant accounting work experience or a master's degree in accounting and 0 years of work experience.
Technical or Specialized Knowledge/Skills:

• Command of the specific cloud platform(s) (e.g., Azure, AWS, GCP)
• Knowledge of cloud services, configurations, and security features.
• Foundation in security principles, including encryption, authentication, access control, and risk assessment.
• Compliance knowledge and understanding of regulatory and compliance standards relevant to the organization's industry (e.g., GDPR, NIST) and the ability to ensure cloud resources adhere to these standards.
• Knowledge of Identity and Access Management (IAM) proficiency in managing user identities, roles, and permissions within the cloud environment, including using identity providers and Single Sign-On (SSO) solutions.
• Understanding of network security, including firewalls and security groups, to protect cloud infrastructure.
• Skills in setting up and using security monitoring tools and the ability to respond effectively to security incidents and breaches.
• Experience in scripting and automation (e.g., Python, PowerShell) tools to create, manage, and automate security policies and processes.
• Experience with security tools and services the cloud platform provides (e.g., Defender for Cloud) and third-party security solutions.
• Ability to identify and remediate vulnerabilities in cloud-based systems, including conducting regular scans and patch management.
• Ability to maintain clear and up-to-date documentation of security policies, procedures, and configurations.
• Knowledge of incident response processes and procedures.
• Commitment to being a part of a high-performing team and driving change.
• Communication skills (written, verbal, and listening).
• Organizational and analytical skills.
• Ability to establish good rapport with various areas of the organization and outside parties.
• Ability to work autonomously with general direction.
• Proficient with the Microsoft Office Suite of products (Word/Excel/Outlook).
• (preferred) A good technical background with multiple IT disciplines and knowledge of current IT Security issues and best practices.
• (preferred) Knowledge and experience in financial services or other highly regulated industries.

Certifications Required:

Level II: Must be willing to obtain one or more within 1 year

• AZ-500 - Microsoft Certified: Azure Security Engineer Associate
• CISSP - Certified Information Systems Security Professional
• AZ-104 - Microsoft Azure Administrator
• AZ-300 - Microsoft Azure Architect Technologies

Level III or Sr: One or more of the following is required upon hire:

• AZ-500 - Microsoft Certified: Azure Security Engineer Associate
• CISSP - Certified Information Systems Security Professional
• AZ-104 - Microsoft Azure Administrator
• AZ-300 - Microsoft Azure Architect Technologies

Environmental, Physical and Psychological Requirements

• Standing - Occasionally
• Walking - Occasionally
• Sitting - Frequently
• Lifting - Rarely (40 Lbs)
• Carrying - Rarely
• Pushing - Rarely
• Pulling - Rarely
• Balancing - Rarely
• Stooping - Rarely
• Kneeling - Rarely
• Crouching - Rarely
• Crawling - Rarely
• Reaching - Occasionally
• Handling - Occasionally
• Grasping - Occasionally
• Feeling - Occasionally
• Talking - Frequently
• Hearing - Frequently
• Repetitive Motions - Frequently
• Eye/Hand/Foot Coordination - Occasionally
• Noises louder than normal speaking volume - Occasionally
• Temperature Changes - Rarely
• Atmospheric Conditions - Rarely

Additional Information

The pay range for Level II is: $82,909 to $108,806 per Year (I15)

The pay range for Level III is: $95,409 to $125,236 per Year (I16)

The pay range for Level Sr. is: $105,144 to $138,008 per Year (I17)
Final compensation for this position will be determined by various factors such as relevant work experience, specific skills and competencies, education, certifications, and internal pay equity.
We anticipate this position to close on 2/2/2024. Please submit your application at your earliest convenience to be considered.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
Benefits Summary Sheet - 2024
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)