Cloud Security Engineer

Cloud Team - Hedge Fund

New York City
Posted 3 months ago

General Information

  • Hiring Department/Group: Public Cloud
  • Job Title: Cloud Security Engineer
  • Office Location: New York City, NY 10103

Job Function Summary

The firm is building a cloud engineering and enablement practice across multiple cloud platforms.  This is a functional team that will work across multiple lines of business, and enable engineers and developers throughout the firm to securely deploy applications on cloud platforms.

This is an opportunity for the right candidate, working closely with our information Security team, to develop a comprehensive security practice across public cloud providers.  The candidate must be deeply knowledgeable about cloud infrastructure and have the technical expertise to engineer solutions that mitigate the risks associated with it.

A strong understanding of IAM, role based access controls, network security, and means of isolating environments within cloud infrastructure is required.  Experience implementing certificate and key management systems to enable encryption on cloud platforms is also required.  An understanding of security and authentication protocols is also desired including TLS, SSH, OAuth, SAML, Kerberos.

The candidate should also be familiar with various network controls including proxies and reverse proxies, network and application load balancers, stateful and deep packet inspection.  The candidate will understand how to design environments to protect against malicious accidental threats, such as data leakage and denial of service

The candidate must have experience developing production code in one or more languages, preferably including Python.  The candidate should also be capable of developing unit and functional tests, security checks, validators, and integrating them into an SDLC framework and DevOps practices. The candidate should be capable of developing secure cloud based infrastructure as code.

Knowledge of Linux and Windows administration and OS hardening is desired.  The individual should also be familiar with configuration management and understand how to leverage idempotency, statelessness, and imutability.

Experience with log management and monitoring tools, including cloud native tools, is strongly desired.  The ideal candidate should be able to aggregate, correlate, and report on logs and metrics, use them for detecting anomalous or risky behavior, and triggering automated actions or alerts.  Familiarity with common exploits, such as XSS, SQL Injection, DOS, man-in-the-middle, and buffer overflows, as well as how to detect them and protect against them, is a strong plus.

Any experience managing data, including its integrity and security throughout the development lifecycle, especially as part of a large scale data analytics workflows is also a plus

Principal Responsibilities

  • Work closely with our information Security team to develop a comprehensive security practice across public cloud providers
  • Engineer solutions that leverage cloud native security features and controls for authentication, authorization, isolation, and encryption, and integrate with open source and vendor tools
  • Work with developers and engineers designing tools that enable them to use cloud platforms in a secure manner
  • Build reusable templates that incorporate security into common application and infrastructure design patterns
  • Develop monitoring, alerting, and remediation to ensure the security of work on cloud platforms
  • Build security controls and gates into the software development lifecycle

Desired Qualifications/Skills

  • Deep understanding of cloud infrastructure and how to secure it
  • Expertise in authentication and authorization mechanisms on cloud platforms
  • Experience leveraging certificate and key management to ensure encryption across services
  • Experience developing collaboratively, including infrastructure as code, preferably in Python
  • Implementation of security controls as part of a development pipeline
  • Excellent written and verbal communications
  • Excellent troubleshooting, investigative, and analytical skills
  • Self-starter able to execute independently, with light supervision
  • Able to execute on a deadline and under pressure

Job Features

Job CategoryFull Time

Apply Online

A valid phone number is required.
A valid email address is required.