[Remote] Senior Security Engineer

Note: The job is a remote job and is open to candidates in USA. Zermount, Inc. is seeking a highly talented and technical Senior Security Engineer to develop and implement strategies for protecting computer systems and networks from malicious attacks. This role involves working with IT professionals to design new security measures, conduct security reviews, and improve cloud security monitoring among other responsibilities.

Responsibilities

• Develop, and integrate with other Cybersecurity workflow to include: ATO Intake, assessment, and Vulnerability Scanning process
• Perform security reviews based on RMF controls compliance, clients, and security best practices
• Provide security input on Cloud Center of Excellence (CCOE) and Cloud Advisory Council (CAC) agenda items by participating in technical working groups, providing security analysis, and providing recommendations
• Performs architecture design reviews including configuration and log reviews, and perform network traffic analyses
• Produces a SAR Report to include HVA's architecture strengths and findings
• Design and deploy native Cloud security services in AWS, Microsoft Azure, and Google Cloud
• Perform proof of value of Cloud-native, COTS, 3rd party, or opensource security capabilities by hands-on deploying and evaluating against security requirements
• Develop scripts or code to perform Cloud Security assessments through Cloud native API or SDK
• Develop enterprise cloud security blueprints to include security in Infrastructure as Code (IaC templates)
• Analyzing the impact of emerging technologies on existing security systems and identifying potential risks
• Research new and emerging security practices and capabilities such as AI/ML to address compliance and mitigate security risk
• Improve Cloud Security monitoring to include ingestion of logs such as: API, application/database, and flow logs into SIEM
• Increasing Cloud vulnerability coverage in the areas of Operating System (OS), application code, and Infrastructure level
• Develop architecture for integrating findings into a centralized dashboard that allows product owners direct access to team's specific systems or cloud account findings
• Conduct studies and analysis of proposed operations modifications
• Provide end-to-end architecture tradeoff assessments
• Develop strategic and tactical plans
• Conduct evaluation of new program requirements
• Investigate and develop new technologies for possible operations modifications
• Develop standards and solutions to meet the client's requirements

Skills

• High level of attention to detail, needs minimal guidance, effective verbal, and written communications
• Equally adept at strategic planning and operational/technical level
• Able to adapt to new and changing requirements or priorities and manage work and resources accordingly
• At least 5 years (preferred 10 years) of network, systems, applications: LAN/WAN, WAF/CDN/DDOS, Network Firewalls, IDS/IPS
• Virtualization, hypervisor security, container security
• Application development, serverless security, microservices, CICD
• At least 5 years of designing and/or implementing security in Cloud (AWS required, Azure or GCP optional): Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model
• AWS IAM, KMS, S3, RDS, SNS/SQS, Organization, Guard Duty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda
• Azure E3/E5, Active Directory, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy
• Experience with DevSecOps strategy and implementation and designing architecture in accordance to RMF, CSF, FISMA, and Fedramp
• Familiarity with: ZTNA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance
• At least 2 years working in or managing Agile Devops, Scrum, Kanban
• Cloud architecture
• Architecture experience
• Networking experience
• Network Security / Cyber Security experience
• Candidate must have a Bachelor of Science (or higher) in one of the following: computer engineering, computer science, information technology, or cyber security
• Certified Information Systems Security Professional (CISSP) is required
• Public Trust
• At least 10 years of network, systems, applications: LAN/WAN, WAF/CDN/DDOS, Network Firewalls, IDS/IPS
• Azure or GCP optional certifications: Certified Cloud Security Professional, AWS Certified Solutions Architect Associate, AWS Certified Security Specialist, Microsoft Azure Solutions Architect, Google Professional Cloud Architect

Company Overview