Assess, design, and document security solutions and processes for Amazon Web Services (AWS) and Azure.
Direct tasks and develop milestones for Information Security projects in support of Information Security goals in line with the Company's direction.
Work with software developers on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built-in application security controls.
Work with key areas of business and IT to develop baseline network, cloud, container, and application security standards and integrate into the CI/CD pipeline.
Implement and automate “security as code” using cloud services and CI/CD components as necessary.
Design security architecture, methods, and controls required to meet security, compliance, and audit requirements.
Develop, review, and update a library of technical documentation.
Develop metrics and provide regular reports to senior management.
Set requirements and direct managed security service providers (MSSPs) to ensure that they are appropriately managing the services to provide security to the company.
Perform regular security audits and automated compliance checks on AWS and Azure resources.
Collaborate with SRE and development teams to ensure secure coding, build, and deployment practices.
Work closely with DevOps, SREs, and developers to champion a "security by design" culture.
Participate in security audits and formulate a plan of action and milestones to mitigate vulnerabilities.
Establish security baselines using best practices such as CIS benchmarks.
Work with other teams to test and implement security baselines into cloud environments.
Maintain thorough understanding of new developments and techniques in cybersecurity, privacy, and compliance.
Represent Information Security in disaster recovery procedures and exercises.
Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status.
Work within established configuration and change management policies to ensure awareness, approval, and success of changes introduced to the network and cloud infrastructure.
Establish processes to perform regular reviews of security configurations of cloud and software development environments.
Develop vulnerability management processes and manage the process to remediate the vulnerabilities.
Establish a process to escalate when vulnerabilities cannot be remediated in a timely manner.
Review security notifications from the company’s vendors to determine which vulnerabilities would cause an impact.
Assist in developing and enforcing data governance policies, data classification standards, and compliance workflows (e.g., GDPR, HIPAA, SOC 2).
Provide 24/7 on-call support for security incidents related to network systems and infrastructure.
Requirements
Bachelor’s degree in computer science, information security, or related field, or equivalent professional experience
5+ years of experience in security engineering, DevSecOps, or cloud security
Industry certifications (e.g., CISSP, CCSP, AWS/Azure Security Specialty) preferred
Significant technical experience in AWS and Azure cloud computing technologies and automation (HashiCorp, Terraform, GitLab, JIRA, etc.)
Experience in DevOps environments working with and influencing developers to maintain security through CI/CD processes
Proficient and up to date with Azure and AWS
Hands-on experience with Azure Resource Manager, AWS CloudTrail, AWS IAM, AWS Security Hub, AWS Control Tower
Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
Knowledge of network based, system level, and application layer attacks and mitigation methods
Experience extracting pertinent security data from SIEM solutions, audit logs, and reports
Knowledge of technical security control environments and compliance frameworks including NIST Cloud Security Frameworks, CSA CCM, ISO 27017
Extensive knowledge of cloud environments including security, configuration, and management
Documentable knowledge of cloud architecture, networks, security, network planning, and analysis
Demonstrated experience implementing security policies and procedures
Benefits
Up to 83% subsidized medical payroll deductions
Competitive dental and vision benefits
401(k) + match
Pre-tax transit and commuting benefits
A robust health and wellness program – earn cash rewards and gain access to resources that promote health, engagement, and balance
Paid maternity and parental leave, as well as other family paid leave programs
Company-paid life, short and long-term disability insurance
Health Savings Account and Healthcare and Dependent Care Flexible Spending
Career development opportunities
Empowerment and encouragement to give back – volunteer hours and donation matching
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
security engineering, DevSecOps, cloud security, Infrastructure as Code, CI/CD, vulnerability management, security architecture, security audits, data governance, compliance workflows
Soft skills
leadership, project management, collaboration, communication, problem-solving, analytical thinking, attention to detail, adaptability, strategic planning, influencing