- In-depth knowledge of cloud security best practices, principles, and technologies, including IAM, encryption, network security, container security, and serverless security.
- Hands-on experience with cloud security tools and services such as AWS Security Hub, AWS native security services, Cloud Trail, guard duty, security groups, and Cloud Watch.
- Review the design and implementation of secure AWS cloud architecture solutions, including VPC configurations, security groups, IAM policies, encryption mechanisms, and logging and monitoring for the AWS cloud environment.
- Conduct vulnerability assessments and penetration testing on AWS infrastructure and applications. Develop and implement remediation plans to address security vulnerabilities and weaknesses.
- Strong understanding of security compliance requirements and frameworks (e.g., GDPR, HIPAA, SOC 2, ISO and experience implementing controls and measures to achieve compliance.
- Proficiency in scripting and automation for security automation and orchestration.
- Excellent analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
- Provide security training and guidance to AWS users, developers, and administrators to promote a culture of security awareness and compliance within the organization.
- BS Degree in IT, Computer Science, or Engineering, or equivalent experience
- Master's Degree in Engineering or Computer Science is HIGHLY PREFERRED
Information Technology Security Engineer - Washington, United States - HRUCKUS
Description
Veteran Firm Seeking a Senior Security Cloud Engineer for a Remote Assignment in Washington, DC
My name is Stephen Hrutka, and I lead a Veteran-owned consulting firm in Washington, DC, focused on strategic sourcing, supply chain, and IT Staffing.
We are looking to fill a Senior Security Cloud Engineer role for the DHCF - Department of Health Care Finance in the DC Government.
The ideal candidate has 16+ years of experience developing, leading, and executing information security incident response plans, 15+ years of experience working in the field of Cloud cybersecurity, and 5+ years of knowledge of federal and industry-specific regulations and compliance requirements related to cybersecurity (e.g., FISMA, HIPAA, GDPR).
If you're interested, I'll gladly provide more details about the role and further discuss your qualifications.
Thanks,
Stephen M Hrutka
Principal Consultant
Executive Summary: HRUCKUS is looking to hire a Senior Security Cloud Engineer for the DHCF - Department of Health Care Finance to directly support the DC Access System (DCAS) in the DC Government. As a member of the DCAS Security team, you will participate and contribute to the design, build, and operational support of cloud security architecture.
Position Overview: The DC Department of Health Care Finance, District of Columbia Access System (DCAS) seeks a qualified and experienced Security Cloud Engineer to enhance and manage the organization's cybersecurity posture. The selected candidate will play a crucial role in safeguarding sensitive data, ensuring compliance with regulations, and strengthening the agency's overall security framework on a contract basis. The Cybersecurity Cloud Engineer will be responsible for assessing, implementing, and maintaining the security measures necessary to protect the organization's digital assets and information.
Scope of Work: The Security Cloud Engineer will support the District of Columbia Access System (DCAS) under the Technical Program manager to identify security vulnerabilities, design and implement security solutions, monitor security systems, and respond to security incidents impacting DHCF on-premises and cloud-hosted resources. The contractor shall provide subject matter expertise in the design, development, and implementation of security best practices, which include, but are not limited to, network security, application security, access control, and security policy development.
Position Requirements and Duties:
Position Responsibilities:
1. Expertise in implementing, administrating, and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus, network traffic analyzers, and malware analysis tools.
2. Utilizes advanced experience with scripting and tool automation such as Perl, PowerShell, and Regex.
3. Develops, leads, and executes information security incident response plans.
4. Develops standard and complex IT solutions & services, driven by business requirements and industry standards.
5. May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC.
Minimum Education/Certification Requirements:
Skills Matrix:
Skill/ Required/ Desired/ Years
Minimum of 15 years of experience working in the field of Cloud cybersecurity/ Required/ 15
Knowledge of federal and industry-specific regulations and compliance requirements related to cybersecurity (e.g., FISMA, HIPAA, GDPR)/ Required/ 5
Experience in preparing for and participating in security audits and assessments for Cloud environments/ Required/ 5
Expertise in AWS network security, including AWS firewalls/ Required/ 10
Proficiency in security technologies such as SIEM (Security Information and Event Management) systems and endpoint protection solutions for AWS/ Required/ 5
Demonstrated ability to develop and implement security policies, procedures, and standards/ Required/ 10
Strong understanding of AWS cloud security principles and best practices/ Required/ 10
16+ yrs. developing, leading, and executing information security incident response plans/ Required/ 16
16+ yrs. developing standard and complex IT solutions & services, driven by business requirements and industry standards/ Required/ 16
BS Degree in IT, Cybersecurity, Engineering, or equivalent experience/ Required