Walker & Dunlop

Senior Cloud and Software Development Security Engineer

Walker & Dunlop

full-time

Posted on:

Location Type: Remote

Location: Remote • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $140,000 - $155,000 per year

Job Level

Senior

Tech Stack

AWSAzureCloudCyber SecurityTerraform

About the role

  • Lead and manage security projects.
  • Assess, design, and document security solutions and processes for Amazon Web Service (AWS) and Azure.
  • Direct tasks and develop milestones for Information Security projects in support of Information Security goals in line with the Company's direction.
  • Work with software developers on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built-in application security controls.
  • Work with key areas of business and IT to develop baseline network, cloud, container, and application security standards and integrate into the CI/CD pipeline.
  • Implement and automate “security as code” using cloud services and CI/CD components as necessary.
  • Design security architecture, methods, and controls required to meet security, compliance, and audit requirements.
  • Develop, review, and update a library of technical documentation.
  • Develop metrics and provide regular reports to senior management.
  • Set requirements and direct managed security service providers (MSSPs) to ensure that they are appropriately managing the services to provide security to the company.
  • Perform regular security audits and automated compliance checks on AWS and Azure resources.
  • Collaborate with SRE and development teams to ensure secure coding, build, and deployment practices.
  • Work closely with DevOps, SREs, and developers to champion a "security by design" culture.
  • Participate in security audits and formulate a plan of action and milestones to mitigate vulnerabilities.
  • Establish security baselines using best practices such as CIS benchmarks.
  • Work with other teams to test and implement security baselines into cloud environments.
  • Maintain thorough understanding of new developments and techniques in cybersecurity, privacy, and compliance.
  • Represent Information Security in disaster recovery procedures and exercises.
  • Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status.
  • Work within established configuration and change management policies to ensure awareness, approval, and success of changes introduced to the network and cloud infrastructure.
  • Establish processes to perform regular reviews of security configurations of cloud and software development environments.
  • Develop vulnerability management processes and manage the process to remediate the vulnerabilities.
  • Establish a process to escalate when vulnerabilities cannot be remediated in a timely manner.
  • Review security notifications from the company’s vendors to determine which vulnerabilities would cause an impact.
  • Assist in developing and enforcing data governance policies, data classification standards, and compliance workflows (e.g., GDPR, HIPAA, SOC 2).
  • Provide 24/7 on-call support for security incidents related to network systems and infrastructure.

Requirements

  • Bachelor’s degree in computer science, information security, or related field, or equivalent professional experience
  • 5+ years of experience in security engineering, DevSecOps, or cloud security
  • Industry certifications (e.g., CISSP, CCSP, AWS/Azure Security Specialty) preferred
  • Significant technical experience in AWS and Azure cloud computing technologies and automation (HashiCorp, Terraform, GitLab, JIRA, etc.)
  • Experience in DevOps environments working with and influencing developers to maintain security through CI/CD processes
  • Proficient and up to date with Azure and AWS
  • Hands on experience with Azure Resource Manager, AWS CloudTrail, AWS IAM, AWS Security Hub, AWS Control Tower
  • Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
  • Knowledge of network based, system level, and application layer attacks and mitigation methods
  • Experience extracting pertinent security data from SIEM solutions, audit logs, and reports
  • Knowledge of technical security control environments and compliance frameworks including NIST Cloud Security Frameworks, CSA CCM, ISO 27017
  • Extensive knowledge of cloud environments including security, configuration, and management
  • Documentable knowledge of cloud architecture, networks, security, network planning, and analysis
  • Demonstrated experience implementing security policies and procedures
Benefits
  • Up to 83% subsidized medical payroll deductions
  • Competitive dental and vision benefits
  • 401(k) + match
  • Pre-tax transit and commuting benefits
  • A robust health and wellness program – earn cash rewards and gain access to resources that promote health, engagement, and balance
  • Paid maternity and parental leave, as well as other family paid leave programs
  • Company-paid life, short and long-term disability insurance
  • Health Savings Account and Healthcare and Dependent Care Flexible Spending
  • Career development opportunities
  • Empowerment and encouragement to give back – volunteer hours and donation matching

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
security engineeringDevSecOpscloud securityInfrastructure as CodeCI/CDvulnerability managementsecurity architecturesecurity auditsdata governancecompliance workflows
Soft skills
leadershipproject managementcollaborationcommunicationproblem-solvinganalytical thinkingattention to detailadaptabilitystrategic planninginfluencing
Certifications
CISSPCCSPAWS Security SpecialtyAzure Security Specialty