New Era Technology

Senior Cloud Security Expert, AWS, Snowflake

contract

Origin: 🇺🇸 United States


Job Level

Senior

Tech Stack

AWS, Cloud, Cyber Security, DNS, EC2, Python, Splunk, Terraform

About the role

  • Lead and execute a NIST SP 800-53 Rev 5 moderate-baseline cybersecurity assessment for a multi-account Snowflake deployment on AWS.
  • Plan & scope the assessment; facilitate scoping workshops and interviews with IAM, Cloud Security Engineering, SRE, Snowflake DBAs, Network Security, GRC, and other teams.
  • Select applicable NIST control baseline and overlays (HIPAA, CJIS, PCI-DSS, FedRAMP Moderate).
  • Create detailed assessment plan and schedule; execute security assessment and produce a security assessment report with findings and recommendations.
  • Inventory AWS IAM roles, SCPs, KMS key policies, and IAM Identity Center mappings; map to Snowflake RBAC and test separation-of-duties.
  • Validate MFA, PrivateLink DNS, key-rotation cadence, IdP claims; inspect column-level encryption, tri-secret strategy, dynamic data-masking, and key management choices.
  • Ensure logging & monitoring: validate CloudTrail org-trail + S3 object-lock, Snowflake Access History & Account Usage retention ≥ 1 year; test log integrity and SIEM onboarding (Splunk, Sentinel, Elastic).
  • Review network & segmentation: VPC design, Transit Gateway attachments, Security Groups, NACLs, GuardDuty, and PrivateLink endpoint policies; obtain TLS scans.
  • Execute vulnerability and configuration reviews; run Inspector & Qualys against EC2 bastions; validate Snowflake parameter drift and Terraform state alignment.
  • Verify incident response runbooks for session kill, key rotation, and account failover; evaluate governance, FedRAMP/SOC2/AWS Artifact docs, and third-party vendor controls.

Requirements

  • Bachelor's degree in Computer Science, Information Systems, or equivalent; CISSP, CISA, or CISM preferred.
  • 8+ years hands-on AWS security; current AWS Security Specialty or Solutions Architect Professional certification.
  • 3+ years administering Snowflake Enterprise or higher; SnowPro Core or SnowPro Advanced (Architect) experience preferred.
  • Deep knowledge of NIST SP 800-53 Rev 5 controls.
  • Proficient with Terraform, CloudFormation, AWS Config conformance packs, and Okta/ADFS SAML claims mapping.
  • Demonstrated experience integrating CloudTrail, GuardDuty, Macie, and Snowflake event tables into Splunk/Sentinel.
  • Scripting: Python 3, Bash, SnowSQL; familiarity with Snowpark and data-classification UDFs a plus.
  • AWS Control Tower & Landing Zone experience.
  • Experience with large enterprises and big tech industry.
  • Excellent attention to detail and strong organizational, analytical, documentation, and communication skills.
  • Ability to work across different time zones; collaborative team worker; self-starter; liaison between business and information security/IT.