Cloud Security Engineer

An extraordinarily talented group of individuals work together every day to drive TNS' success, from both professional and personal perspectives. Come join the excellence!

Overview

An experienced and motivated Cloud Security Engineer to help TNS develop and mature the security of our growing cloud footprint. The ideal candidate will have experience on multiple cloud environments including unified monitoring via cloud application security broker (CASB) and SIEM on behalf of a cybersecurity program. Serving as a Subject Matter Expert in the configuration and operation of the security consoles and controls within the environment. Providing analysis of outputs and recommendations for improving overall security posture. Finally, developing technical documentation supporting the architecture discussions and leadership decision.

Responsibilities

• Driving development and adoption of cloud security standards, best practices, and technologies within Enterprise IT infrastructure at TNS.

• Liaising and communicating security-related issues with internal business stakeholders.

• Developing, enhancing, and documenting security architecture, security policies, patterns, procedures, guidelines, and standards requiring cloud-based solutions. 

• Implementing security controls to comply with industry best practices and various regulatory controls – PCI.

• Working with other teams to maintain security compliance for PCI or other security standards.

• Providing security recommendations and expertise on new services or for migrating applications.

• Conducting initial triage assessments of audit findings from audit or testing.

• Reviewing products and making recommendations to improve the security posture.

• Engaging with other internal and external groups to get and share information to improve processes and security posture.

• Proactively improving the security posture of cloud-based environments with Cloud Service Provider(CSP) services, Compliance as Code and automation.

• Reviewing reports from third-party penetration test results and document alignment to cloud provider guidelines and tools.

• Define, document, and share cloud provider incident response methodology that guides detection and response to cloud-based security incidents including defining first responder steps and incident manager role.

• Experience reviewing system and application logs (e.g., web or mail server logs), either to investigate security issues or complex operational issues.

• Verify cloud logging capabilities to establish accountability for events that occur in the cloud environment

• Experience deploying physical, virtual and cloud hosted enterprise applications on MS Windows and/or Linux OS.

Qualifications

• Confident, articulate, and professional speaking and writing abilities in English.

• An understanding of how cloud components work and integrate with each other for a given platform.

• Implementation and use of Vulnerability Management and Dynamic Application Security Testing (DAST) Tools (Qualys, Tenable). 

• Assessment Tools for Cloud Security (Pacu, Aquasecurity Cloudsploit …