Senior Information Security Specialist – Cloud
Chicago, Illinois, United States of America
Full Time
4 days ago
$135,000 - $182,100 USD
Visa Sponsor
Key skills
AWSAzureCloudDockerFirewallsKubernetesTerraformGoogle CloudServerlessECSEKSAKSIdentity ManagementOWASPNetwork SecurityCloud SecurityWAFFirewall
About this role
Role Overview
- Lead the design and implementation of secure cloud architectures and solutions, ensuring alignment with business objectives and security requirements.
- Maintain and update risk registers and ensure continuous monitoring of cloud security risks.
- Act as a liaison between the security team and other departments to promote a security-first culture.
- Define and implement security controls and policies for cloud environments, ensuring compliance with industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and bank security policies.
- Continuously improve security controls and processes to enhance the organization's security posture.
- Develop and maintain documentation for security controls, policies, and procedures.
- Policies are increasingly managed as code, requiring developers skilled in scripting and programming to define, customize, and automate these policies using tools like HashiCorp Sentinel, Open Policy Agent (OPA), and Terraform.
Requirements
- Minimum of 5 years of professional experience designing and implementing cloud security controls.
- Bachelor’s degree in Information Systems or Computer Science, and/or equivalent combination of education and work experience within the domain areas of Cloud Security.
- In-depth understanding of cloud security principles, best practices for Azure and/or AWS platforms, and industry frameworks such as OWASP Top 10, NIST, CSA, CIS benchmarks.
- Experience building and implementing Infrastructure as Code and/or Policy as Code governance strategies.
- Experience conducting security assessments, risk analyses, and developing security concepts.
- Hands-on experience with cloud security tools and technologies such as AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and/or Wiz.
- Extensive knowledge of security tools and technologies such as SIEM, IDS/IPS, DLP, firewalls, PKI, and identity management and how they work in cloud environments.
- Specifically in network security, including AWS networking primitives, security groups, network access control lists, proxies, firewall and WAF technologies.
- Experience with cloud and containerized technologies, AKS, EKS, ECS, serverless, Kubernetes and Docker.
- Extensive knowledge of public cloud service providers and the threats to workloads within those environments.
- Currently hold active AWS Security Specialty or Azure AZ-500 certification.
Tech Stack
- AWS
- Azure
- Cloud
- Docker
- Firewalls
- Kubernetes
- Terraform
Benefits
- Industry-leading benefits
- Access to paid time off
- Resources and support to employees