Sentara Health

Senior Cloud Cyber Security Engineer

Sentara Health

full-time

Posted on:

Location Type: Remote

Location: VirginiaUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AWSAzureCloudCyber SecurityGoogle Cloud Platform

About the role

  • Design and implement secure cloud architectures, ensuring adherence to best practices and compliance requirements.
  • Collaborate with cloud architects and DevOps teams to integrate security controls and mechanisms into cloud environments.
  • Review and assess cloud infrastructure and service configurations to identify potential security risks and recommend necessary improvements.
  • Conduct regular security assessments, including vulnerability scanning, penetration testing, and security audits of cloud resources and services.
  • Identify and prioritize security vulnerabilities, misconfigurations, and compliance gaps, and provide recommendations for remediation.
  • Assist in implementing and maintaining security testing tools and automation scripts for continuous security assessment.
  • Develop and implement cloud-specific identity and access management (IAM) policies and controls to ensure appropriate access rights and permissions.
  • Monitor and review IAM configurations, roles, and access policies to prevent unauthorized access and privilege escalation.
  • Collaborate with identity teams to integrate cloud IAM with enterprise identity and access management systems.
  • Implement and manage cloud security monitoring tools and solutions to detect and respond to security incidents in real-time.
  • Establish incident response plans and processes specific to cloud environments, collaborating with incident response teams to investigate and mitigate cloud-related security incidents.
  • Conduct post-incident analysis and implement measures to prevent similar incidents in the future.
  • Ensure cloud infrastructure and services comply with relevant security standards, regulations, and industry frameworks (e.g., CIS, NIST, GDPR, etc.).
  • Participate in security audits, assessments, and regulatory compliance activities, working with auditors to address findings and ensure compliance.
  • Stay updated with evolving cloud security trends, emerging threats, and regulatory changes, and provide guidance on implementing necessary controls.
  • Work with Governance team to conduct training and awareness programs for cloud users, developers, and stakeholders to promote secure cloud practices and awareness of cloud-specific security risks.

Requirements

  • Proven experience (5 years) in cloud security roles, with a strong understanding of cloud platforms and services (AWS, Azure, or GCP).
  • Deep knowledge of cloud security best practices, cloud-native security tools, and cloud service provider security offerings.
  • Experience with cloud security assessment tools, vulnerability scanning, and penetration testing techniques.
  • Familiarity with cloud identity and access management (IAM) concepts and frameworks.
  • Understanding of networking, encryption, and virtualization technologies as they relate to cloud security.
  • Excellent analytical and problem-solving skills, with the ability to effectively assess and communicate cloud security risks.
  • Strong written and verbal communication skills, with the ability to collaborate with cross-functional teams and provide security guidance.
  • Cloud security controls: Identity and Access Management (IAM), Encryption, Network Security, Compliance, Logging and Monitoring, Vulnerability Management, Disaster Recovery and Business Continuity, Cloud Access Security Broker (CASB), and Multi-Factor Authentication (MFA).
  • Knowledge of various technical frameworks and concepts (MITRE ATT&CK, CIS, Kill Chain, etc)
  • Experience working in a highly regulated environment.
  • Ability to express complex technical concepts in business terms.
  • Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
  • Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
  • Review and coordinate changes to cyber security policies, procedures, and standards.
Benefits
  • Medical, Dental, Vision plans
  • Adoption, Fertility and Surrogacy Reimbursement up to $10,000
  • Paid Time Off and Sick Leave
  • Paid Parental & Family Caregiver Leave
  • Emergency Backup Care
  • Long-Term, Short-Term Disability, and Critical Illness plans
  • Life Insurance
  • 401k/403B with Employer Match
  • Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
  • Student Debt Pay Down – $10,000
  • Reimbursement for certifications and free access to complete CEUs and professional development
  • Pet Insurance
  • Legal Resources Plan
  • Colleagues may have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cloud securitycloud architecturevulnerability scanningpenetration testingidentity and access management (IAM)encryptionnetwork securitycloud-native security toolsdisaster recoverymulti-factor authentication (MFA)
Soft Skills
analytical skillsproblem-solving skillswritten communicationverbal communicationcollaborationorganizational skillsdetail-orientedability to work under deadlinesability to express technical concepts in business termstraining and awareness