CyberSecurity Analyst 4
Join a leading energy company as a Cybersecurity Analyst IV and play a key role in advancing our technological defenses! We are seeking a highly skilled professional who excels in optimizing and maintaining critical systems driving innovation and ensuring the highest standards of operational efficiency.
Description:
*Full time hybrid 12 days/week in office open to remote*
Description:
- Key Experience Needed: encryption and key management as well as cloud security audit/implementation
Overview
- We are looking for a Lead Cloud Security Engineer to join our team and help us protect our data in our cloud environment from cyber threat actors.
- You will be responsible for designing implementing and maintaining security solutions that align with our business objectives and industry best practices.
- You will also participate in a cross functional team with other cloud security engineers and collaborate with other stakeholders to ensure compliance risk management and incident response.
Responsibilities
- Review design and implement cloud security architectures and policies for AWS environments.
- Design and enforce policies for data access retention and deletions.
- Develop and enforce data protection and encryption strategies for cloud data and assets.
- Work closely with crossfunctional teams to assess risk and deliver countermeasure that protect customers and company data.
- Establish and document repeatable processes that ensure proper use of the encryption key management data masking and data labeling technologies in the cloud.
- Monitor and analyze cloud security events and data loss incidents and provide remediation guidance.
- Participate in cloud security assessments and audits and provide recommendations for improvement.
- Research and evaluate emerging cloud security trends and technologies for Data Protection and provide recommendations for adoption.
- Provide Cloud security technical guidance to a team of Data Protection engineers.
- Partner with Cloud platform teams (Azure AWS OCI GCP) to design and implement security controls.
- Ensure compliance with data privacy regulations and standards.
- Ensure technical scripting and securing of the governance policy.
- Collaborate with the team to establish key performance indicators for AWS data protection events.
- Develop and maintain security standards and baselines to ensure controls and governance are implemented and updated dynamically at the speed of DevSecOps.
- Define the Minimum Security Baseline for use and implementation of services and applications with AWS that are adhere to specific identity and Access Management practices and security governance.
- Establish in reliable operation of controls and enable continuous and realtime auditing.
- Participate in AWS Security Immersion Days and contribute to the AWS Security Reference Architecture.
Qualifications
- Bachelors degree in Computer Science Information Security or related field
- At least 5 years of experience in cloud security preferably in AWS
- Proficiency in data protection strategies for cloud storage databases and applications.
- Knowledge of AWSspecific data Protection tools and services.
- Understanding of Global data protection laws and regulations.
- Ability to perform risk assessments and data protection audits.
- Analytical skills to assess data protection needs and compliance requirements.
- Strong knowledge of AWS security services and features such as IAM KMS VPC S3 CloudTrail CloudFormation etc.
- Strong knowledge of cloud security standards and frameworks such as NIST ISO CSA etc.
- Strong knowledge of data protection and encryption methods and technologies such as AES RSA PKI SSL/TLS etc.
- Strong knowledge of cloud security threats and vulnerabilities such as insider threat misconfiguration data leakage etc.
- Strong knowledge of cloud security tools and solutions such as AWS Inspector GuardDuty Macie WAF etc.
- Strong knowledge of Security Information and Event Management (SIEM) systems including creating and refining searches for alerting purposes.
- Strong knowledge of Data Lakes.
- Knowledge of infrastructure as code.
- Hands on experience implementing security control in AWS environments.
- Strong knowledge of cloud security best practices and methodologies such as DevSecOps CI/CD etc.
- Strong communication presentation and leadership skills to articulate data protection strategies.
- Advise peers managers and senior leaders to help influence and drive compliance with regulatory obligations and other security goals.
- Certification such as AWS Certified Security Specialty is preferred.