Cloud Security Engineer Sr.

Company Description

Ent Credit Union exists to improve the financial quality of life of the people we serve. This mission drives us every day, but we are more than our mission. We're also individuals using our unique abilities to make our organization, and the communities we serve, better than they were yesterday. We're a not-for-profit that puts people above profits and actively invests in our community. Our rapidly growing team is expanding our reach to serve more people throughout Colorado. To spread our mission far and wide, we need people like you. If you're interested in a paycheck with a purpose, apply with us today. Our people make the difference, and we truly believe you are our greatest asset.

Job Description

As a key technical leader in the Cloud Team, the Senior Cloud Security Engineer is responsible and in partnership with security leadership for architecting, leading, and executing the security strategy for cloud-based systems within the Azure platform. This role demands a deep understanding of cloud architecture and security frameworks and involves advanced designing, implementing, and overseeing security measures, leading comprehensive risk assessments, formulating and governing security policies, and pioneering automation of security processes. The Senior Engineer plays a pivotal role in monitoring threats, orchestrating responses to security incidents, and mentoring team members. They are responsible for proactively safeguarding data, applications, and infrastructure in Azure, continuously aligning with evolving security best practices and emerging threats. As the senior-most security expert in the Cloud Team, this role involves close collaboration with CloudOps, DevOps, Enterprise Architecture, and security leadership to ensure secure operation and use of Azure cloud resources. Additionally, this role is a key member of our Security Program and will seek guidance from our Security Architect and partner with our other security domains. The Cloud Security Engineer will also work across various IT teams to support their Cloud Security needs and ensure best practices related to Cloud Security operations and engineering.

Essential Functions:

• Cloud Security: Champion the protection of cloud assets, including data, applications, services, infrastructure, and networks. Create and manage identity access controls, policies, and configuration to ensure proper authentication and authorization using Privilege Identity Management (PIM) and application registrations. Perform routine permission reviews of access, role, and managed identities. Perform and maintain Cloud Security risk assessments for new and existing cloud resources. Define, implement, and maintain Azure Policy to enforce governance and security controls.
• Automation & Release Management: Drive innovation in DevSecOps practices, focusing on security-centric automation and efficiency. Lead in developing and maintaining automated compliance and security configurations. Oversee and approve releases and PRs requiring security approval for the cloud team.
• Monitoring & Alerting: Lead vulnerability identification and remediation efforts using advanced security tools; establish and evolve security baselines. Design and implement platform security monitoring technologies, i. e. , Azure Monitor, diagnostic logging and log retention settings, log analytic workspaces, create and customize Defender and Azure monitor alerts. Create and manage custom Azure Monitor security alerts. Review Azure DevOps deployment and Infrastructure as Code (IaC) template security Maintain Azure Policy and Secure Score exceptions list. Review Secure Score for Defender for Cloud compliance reports and address issues. Document exceptions for Defender for Cloud alerts
• Security Program & Cloud Team Collaboration: Lead security discussion in an Agile team with CloudOps, DevOps, and Agile practice team members to address security concerns. Drive and automate security operations in partnership with DevOps engineers. Act as a technical senior advisor to the Cloud Platform Manager and Security Architect to support Ent's security program roadmap related to our Azure cloud platform and tools. Works closely with the Security Architect to implement a defense-in-depth approach using best practices that provide multiple security controls and mechanisms to protect an organization's IT systems and data. Collaborate with other security roles within Ent's federated security program to support our cybersecurity center of excellence. Reviews the work of others, mentors, trains, and aids other team members with technical challenges.
• Research, Education and Security Vigilance: Research native security features for improved monitoring. Perform third-party vendor review. Review new resource types and capabilities to understand associated security risks. Research Security Orchestration, Automation, and Response (SOAR) capabilities. Proactively engage in threat hunting and modeling. Act as a knowledge leader within the team, promoting continuous learning and skill development.
• Bank Secrecy Act: Remains cognizant of and adheres to Ent policies and procedures, and regulations pertaining to the Bank Secrecy Act.

Qualifications

Minimum Formal Qualifications:

• Bachelor's Degree in Computer Science, Information Technology, or related field
• 6+ years' overall experience working in a dedicated Cloud Security role

Each year of relevant work experience may be exchanged for a year in a relevant degree program or vice versa. For example, a requirement of a bachelor's degree in accounting and 2+ years of account experience could be substituted for a high school diploma and 6 years of relevant accounting work experience or a master's degree in accounting and 0 years of work experience.

Technical or Specialized Knowledge/Skills:

• Command of the specific cloud platform(s) (e.g., Azure, AWS, GCP)
• In-depth knowledge of cloud services, configurations, and security features.
• Foundation in security principles, including encryption, authentication, access control, and risk assessment
• Compliance knowledge and understanding of regulatory and compliance standards relevant to the organization's industry (e.g., GDPR, NIST) and the ability to ensure cloud resources adhere to these standards
• Identity and Access Management (IAM) proficiency in managing user identities, roles, and permissions within the cloud environment, including using identity providers and Single Sign-On (SSO) solutions
• Understanding of network security, including firewalls and security groups, to protect cloud infrastructure
• Experience in scripting and automation (e.g., Python, PowerShell) tools to create, manage, and automate security policies and processes.
• Experience with security tools and services the cloud platform provides (e.g., Azure Security Center, Azure Defender for Cloud) and third-party security solutions.
• Skills in setting up and using security monitoring tools and the ability to respond effectively to security incidents and breaches.
• Ability to identify and remediate vulnerabilities in cloud-based systems, including conducting regular scans and patch management.
• Ability to maintain clear and up-to-date documentation of security policies, procedures, and configurations.
• Communication skills, both written and oral.
• Organizational and analytical skills.
• Ability to make progress in ambiguous situations with minimal supervision.
• Ability to gather business needs and translate them into technical solutions.
• Proficient with the Microsoft Office Suite of products (Word/Excel/Outlook).
• (preferred) A good technical background with multiple IT disciplines and knowledge of current IT Security issues and best practices.
• (preferred) Knowledge and experience in financial services or other highly regulated industries.

Certifications Required:

One or more of the following is required:

• AZ-500 - Microsoft Certified: Azure Security Engineer Associate
• CISSP - Certified Information Systems Security Professional
• AZ-104 - Microsoft Azure Administrator
• AZ-300 - Microsoft Azure Architect Technologies

Environmental, Physical and Psychological Requirements

• Standing - Occasionally
• Walking - Occasionally
• Sitting - Frequently
• Lifting - Rarely (40 Lbs)
• Carrying - Rarely
• Pushing - Rarely
• Pulling - Rarely
• Balancing - Rarely
• Stooping - Rarely
• Kneeling - Rarely
• Crouching - Rarely
• Crawling - Rarely
• Reaching - Occasionally
• Handling - Occasionally
• Grasping - Occasionally
• Feeling - Occasionally
• Talking - Frequently
• Hearing - Frequently
• Repetitive Motions - Frequently
• Eye/Hand/Foot Coordination - Occasionally
• Noises louder than normal speaking volume - Occasionally
• Temperature Changes - Rarely
• Atmospheric Conditions - Rarely

Additional Information

The pay range for this position is: $105,144.00 to $138,008.00 (I17)
Final compensation for this position will be determined by various factors such as relevant work experience, specific skills and competencies, education, certifications, and internal pay equity.
This position is eligible for our corporate bonus program based on company performance.
We anticipate this position to close on 01/19/2024. Please submit your application at your earliest convenience to be considered.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
Benefits Summary Sheet - 2024
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)