Role Proficiency:
Design and implement cloud security solutions using security tools such as Microsoft Sentinel. Lead the development of security strategies, policies, and procedures to protect client data in the cloud. Collaborate with DevOps teams to integrate security into the continuous delivery pipeline using automation tools such as Terraform and AKS. Conduct risk assessments, threat modeling, and security testing to identify and address security vulnerabilities. Provide subject matter expertise on cloud security best practices and technologies to clients and team members.
Outcomes:
Stay current with industry trends and advancements in cloud security and recommend changes to security strategies and practices as needed. Mentor and train junior security personnel to ensure that security best practices are being followed. Work with cross-functional teams, including Development, Operations, and Information Security, to ensure the security of cloud-based systems and applications. Communicate security risks and potential impacts to stakeholders and provide guidance on how to mitigate these risks. Lead client engagements, providing technical guidance and support as needed to ensure successful delivery of cloud security solutions.
Measures of Outcomes:
Feedback from clients on the effectiveness of the security solutions implemented as well as the quality of service provided. On-time delivery of projects within scope, budget, and quality requirements. Adherence to industry and client-specific security standards and regulations. Quickness and effectiveness in detection of security threats and % of successful solutions for security incidents. Successful adoption of and compliance with security policies and procedures across the organization. Success in mentoring and developing junior security personnel. Demonstrated knowledge and expertise in cloud security, Microsoft Sentinel, Terraform, AKS, and DevOps. Success in building strong relationships with cross-functional teams and stakeholders. Implementation of improvements to security strategies, practices, and technologies over time. Identification and implementation of new and innovative solutions to improve the security posture of clients.
Outputs Expected:
Solution Architecture:
Design and implement secure and scalable cloud security solutions that meet client needs and requirements.
Security Strategy Development:
policies, and procedures that effectively protect client data in the cloud.
Risk Assessment and Mitigation:
threat modeling, and security testing to identify and address security vulnerabilities.
Technical Leadership:
as well as to lead client engagements and provide technical support as needed.
Collaboration and Cross-Functional Relationships:
stakeholders, and clients, and to effectively communicate security risks and potential impacts.
Continuous Improvement:
practices, and technologies to ensure that clients remain protected from evolving threats.
Industry Knowledge and Expertise:
and to provide subject matter expertise to clients and team members.
Skill Examples:
Proficiency in Microsoft Sentinel, including configuration, deployment, and management. Also knowledge of Terraform, including the ability to automate infrastructure deployment and management in the cloud. Proficiency in AKS (Azure Kubernetes Service), including the ability to deploy, manage, and secure Kubernetes clusters in the cloud. Proficiency in DevOps practices and tools, including continuous integration and delivery (CI/CD) pipelines, and the ability to integrate security into these processes. Proficiency in risk assessments and threat modeling to identify and address security vulnerabilities, and knowledge of security testing techniques, including penetration testing, and the ability to effectively test cloud-based systems and applications. Strong leadership skills.
Knowledge Examples:
Cloud Computing: A deep understanding of cloud computing concepts and models, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).
Cloud Security Standards and Frameworks: Knowledge of cloud security standards and frameworks such as ISO 27001, NIST Cybersecurity Framework, and the Center for Internet Security (CIS) Critical Security Controls. Knowledge of cloud security best practices, technologies, and frameworks, as well as experience with cloud security solutions such as Microsoft Sentinel.
Microsoft Sentinel: A comprehensive understanding of Microsoft Sentinel, including its features, functions, and capabilities.
Terraform: Knowledge of Terraform, including its architecture, language, and syntax.
AKS: A deep understanding of AKS (Azure Kubernetes Service), including its architecture, security, and network integration.
DevOps: Knowledge of DevOps practices and tools, including continuous integration and delivery (CI/CD) pipelines, and the ability to integrate security into these processes.
Risk Assessment and Threat Modeling: Knowledge of risk assessment and threat modeling methodologies and the ability to effectively identify and mitigate security risks in the cloud.
Security Testing: Knowledge of security testing techniques, including penetration testing, and the ability to effectively test cloud-based systems and applications.
Network and Information Security: Knowledge of network and information security concepts, including firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption.
Additional Comments:
• Bachelor’s degree in Computer Science, Information Technology, or a technology-related field. Advanced degree or relevant certifications (e.g., CISSP, CCSP, AWS Certified Security – Specialty) preferred.
• Seven years of experience in one, or a combination, of network, application, cloud, or infrastructure security domains, showcasing a comprehensive understanding of security principles and practices.
• Demonstrated expertise in cloud platforms like AWS, Azure, and Google Cloud, including a deep understanding of security features such as IAM, VPC, Security Groups, and encryption services.
• Strong familiarity with networking concepts, protocols, and security principles, enabling the design and implementation of secure network architectures.
• Demonstrated experience in cloud-native architectures, microservices, and operational best practices in cloud and container orchestration.
• Experience integrating enterprise-scale security solutions in AWS and/or Azure, encompassing user, security, and networking configurations to ensure robust security postures.
• Proficiency in full stack cloud automation using tools like Git, Terraform, Ansible, and Jenkins, with past programming experience; knowledge of Python is a plus.
• Experience aligning security programs with industry benchmarks and standards such as NIST, CIS, FIPS, PCI DSS, HIPAA, and FIPS 140-2, ensuring adherence to best practices.
• Strong understanding of IT Risk Management, Security Policies and Procedures, Internal Audit, and Compliance Standards. Familiarity with SOC, FFIEC, CSA, and FedRAMP is a plus.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and the capability to communicate technical concepts to non-technical stakeholders.