Senior Cloud Security Engineer

Required Qualifications:

• Bachelor’s Degree and 8 years of experience. Additional 4 years of experience maybe accepted in lieu of the degree.
• Certified Information Systems Security Professional (CISSP) or AWS Certified Security Specialist
• Strong development background with hand on experience with Python, Bash, PowerShell, YAML and proficiency in building complex lambda functions / shell scripts for end-to-end automation.
• Proven experience as a Cloud DevOps and Automation Engineer.
• In depth knowledge of AWS security best practices following the AWS Well Architected Framework.
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell, YAML) for automation tasks.
• Strong understanding of DevOps principles and continuous integration/continuous deployment (CI/CD) pipelines.
• Experience integrating CI/CD Pipelines with external API integrated solutions to create automated guardrails and gates for infrastructure deployments.
• Proficient in automation tools such as GitLab (Preferred), AWS SSM, AWS Lambdas, Puppet, Chef, Ansible or others.
• Broad knowledge of Windows and Linux OS’s.
• Strong Experience with Infrastructure as Code (IaC) tools like Terraform, Helm Charts, or similar technologies.
• Hands on experience with version control systems (Git, AWS CodeCommit, SVN) and branching strategies.
• Experience with securing microservices in the cloud (e.g., Amazon Elastic Compute Service (ECS), Amazon Elastic Kubernetes Service (EKS), Docker, Kubernetes).
• Familiarity with monitoring tools (e.g., CloudWatch, Prometheus, Kiali, Grafana) and log analysis tools such as ELK stack (Elastic, LogStash, Kibana) and AWS OpenSearch.
• Solid understanding of Agile methodologies and their application in release management.
• Strong communication and collaboration skills.
• Excellent problem solving and troubleshooting skills.
• Must be a US Citizen.
• Must be able to obtain and maintain a Public Trust 6C clearance.

Preferred Qualifications:

• Active High Risk Public Trust or Secret Clearance preferred.
• Relevant certifications in DevOps, Infrastructure as Code, or Site Reliability Engineering or related fields are a plus.

Benefits:

At Peraton, our benefits are designed to help keep you at your best beyond the work you do with us daily. We’re fully committed to the growth of our employees. From fully comprehensive medical plans to tuition reimbursement, tuition assistance, and fertility treatment, we are there to support you all the way.

#LI-ET1

We are seeking a skilled Senior Cloud Security Engineer to join our dynamic team. The ideal candidate will have extensive experience in cloud security, automation and configuration management, utilizing tools such as GitLab CI/CD, Terraform, Ansible, Puppet, or Chef. You will be responsible for designing, implementing, and maintaining security solutions to enhance our Amazon Web Services (AWS) cloud infrastructure's security, compliance, and governance.

The ideal candidate will have a strong background in AWS services, a deep understanding of infrastructure as code (especially Terraform), CI/CD delivery of AWS services, broad experience with different security compliance standards (e.g., CIS, AWS, NIST), and a passion for implementing best practices in site reliability engineering. The qualified individual will collaborate closely with cross-functional teams, including development, quality assurance, and operations, to ensure continuous improvement of our security posture while enabling more rapid application releases. The candidate must be a self-starter with the ability to lead security initiatives and present the value of the accomplishments to customers. This is a fulltime telework position.

What you will do:

• Design, implement, and manage security configurations using infrastructure as code (IaC) solutions like Terraform and Helm Charts to automate deployment and remediation processes.
• Collaborate with development teams to integrate security best practices and ensure the reliability of applications.
• Think outside the box and propose new automation solutions to enhance performance and security while reducing costs.
• Utilize leadership skills to lead new initiatives or activities without oversight.
• Present and demonstrate results to end customer technical staff and leadership clearly and effectively illustrating the value and benefit of the security automation and engineering accomplishments.
• Develop and maintain automation scripts and templates for integrating solutions like Nessus, Open Policy Agent (OPA), and code scans into the CI/CD Pipeline.
• Use configuration management tools (Puppet, Chef, Ansible) to automate the deployment and configuration of applications and services.
• Implement automated remediations using AWS Lambda and other AWS event-driven services to ensure continuous compliance of the environment.
• Implement robust monitoring, logging, alerting, and self-healing systems to ensure the health and performance of cloud infrastructure and to proactively identify and address potential issues before they impact system performance.
• Develop and maintain automated deployment pipelines using industry standard tools such as GitLab CI/CD, Jenkins, AWS CodePipeline or similar. Automate and streamline release processes to improve efficiency, compliance, and reduce manual errors.
• Assist in post incident root cause analyses to support continuous improvement of AWS resource and Pipeline configurations to meet evolving compliance standards.
• Automate the implementation of security and compliance management tasks required to ensure compliance to applicable compliance benchmarks and frameworks (NIST 800-53r5, CIS Benchmarks, and AWS Foundational Security Best Practices).
• Facilitate clear communication across teams, providing updates on governance status, known issues, and any potential impact on stakeholders. Proactively identify areas for security configuration and process improvement within the release management lifecycle.
• Collaborate with QA teams to establish and execute release validation procedures.
• Ensure releases are thoroughly tested and meet quality standards before deployment.