Cloud Security Specialist- SOC2

Job Summary / Objective

This role presents an exciting opportunity for an accomplished [AWS] Solution Architect to direct and guide all matters related to security architecture design for our established commercial Cloud SAAS application. The Specialist will serve as the subject matter expert for secure cloud technology design, secure development, and implementation within the CUES software division.

With a near-term objective of enabling our commercial cloud SAAS solution to achieve a SOC2 compliance audit certification, the longer-term goal is to create and maintain security strategy plans and roadmaps - and influence the ongoing planning and execution of the roadmaps - with measurable benchmarks to show ongoing progress or deficiencies. Whether from 5G, the internet of things, AI, drones, autonomous robots and AR/VR, the successful candidate will serve as the subject matter expert for CUES secure cloud technology design, development, and implementation globally.

Essential Job Functions and Duties

Working closely with the existing CUES software Cloud team, the CSS will assess cloud security risks by reviewing all existing cloud related policies, standards, and guidelines to establish a baseline gap analysis to ensure security is designed and delivered to meet business use cases and requirements.

Document all Application-specific controls to prepare for SOC2 audit using AWS and 3rd party tools.

Establish a security architecture with a focus on threat detection, security control enforcement, and incident response.

Possess solid relationship-building skills to work successfully with outside auditors and partners.

Assist the Implementation team with migrations from on-prem systems to our cloud platform while establishing and maintaining a high level of security and compliance.

Maintain Security update posts released by AWS to mitigate risks.

Develop and execute strategies to mature the security posture of our commercial application, as well as mentor our CloudOps implementation specialists and analysts.

Ensure that relevant audit and security logs are collected to a central location and exposed to the DevOps team for triage, analysis, and incident response compliant with SOC2.

Draft and review cloud related policies, standards, and guidelines to ensure security is designed and delivered to meet commercial requirements and SOC2 compliance.

Have impeccable administrative and customer service skills.

Actively participate in various architecture forums to champion and evangelize the differentiated and unparalleled CUES SAAS security methodology for successful client acquisition and provide expertise on security-related issues to CISO-level constituents.

Required Competencies

Six (6)+ years of experience with hands-on Security Architecture and/or Engineering

Five (5)+ years of experience with Amazon Web Services (AWS) and/or Microsoft (MS) Azure

Three (3)+ years of experience deploying security strategy and implementation, including the deployment of Security Tools within an AWS ecosystem (Conformance Packs, Foundations Benchmarks, Audit Manager, etc.), Network IPS/IDS, Identity and Access Management (IAM), Zero Trust, Security Access and Service Edge (SASE) and Security Frameworks and Methodologies, and Threat Hunting and Modeling.

Experience with SaaS, IaaS, and PaaS architectural solutions within Amazon Web Services

Experience in Cloud, DevSecOps, Container Security, IAM patterns, WAF/CDN/DDoS services, security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies

Experience in security architecture methodologies like SABSA, OSA, O-ESA, security framework and standards like NST CSF, ISO, PIC, SOC2, and best practices like CIS benchmarks, defense in depth.

Experience in working through SOC 1, SOC2 certification process / report preparation

Experience with data protection, cryptography, key management, SAML, AWS Cognito, OKTA, DUO

Hands on expertise with AWS Security Tools including: - AWS Config, CloudTrail, Security Hub, Inspector, Audit Manager, Systems Manager, WAF, etc.

Broad knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems such as Securonix Next Gen, intrusion detection/prevention systems (IDS/IPS) such as Securonix Cloud Ingestor, public key infrastructure (PKI), antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls

Experience architecting SIEM systems, threat intelligence platforms, security automation and orchestration solutions, IDS/IPS, file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools

Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies

Possess excellent communication skills to persuasively articulate the technical advantages of relevant security architectures and align stakeholders to make positive buying decisions