BankUnited - Miami Lakes, FL

posted 3 months ago

Full-time - Mid Level
Remote - Miami Lakes, FL
Wholesale Trade Agents and Brokers

About the position

The Cloud Network Security Engineer at BankUnited is a specialized role focused on enhancing the security of the bank's multi-cloud technology environment. This position requires a deep understanding of various cloud-native security tools and practices, including virtual firewalls, cloud networking concepts, Cloud Access Security Broker (CASB), Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), and Web Application Firewalls (WAF). The engineer will collaborate closely with Cloud Architecture, network teams, and other engineering teams to establish and continuously improve the bank's cloud security posture.

In this role, the engineer will be responsible for performing essential network security maintenance tasks, such as updating firewall rules, configuring WAF rules, and updating IDS/IPS signatures. They will manage third-party network security service providers to optimize service delivery and ensure effective partnerships. The engineer will also create and maintain the Cloud Network & Network Security architecture roadmaps, conduct research on relevant products and standards, and participate in architecture and engineering discussions.

The Cloud Network Security Engineer will coordinate with cross-functional teams to meet project timelines and customer service deliverables, while also seeking opportunities to enhance network security performance. This includes working with Site Reliability Engineers (SRE) to improve application and network resiliency. The engineer will maintain accurate documentation of the cloud network security environment and interact with application and infrastructure personnel to support secure, network-aware applications. Additionally, they will contribute to the development of the bank's business continuity plan and help define the Network and Network Security Architecture that supports the bank's growth.

The role also involves leveraging Infrastructure as Code (IaC) best practices to deploy and manage critical infrastructure, developing build pipelines, and collaborating with other teams to create a seamless automation framework for network and security operations. The engineer will work closely with management and Agile coaches to translate requirements into actionable deliverables, while adhering to all applicable laws and regulations, as well as bank policies and procedures.

Responsibilities

  • Perform network security maintenance including updates to firewall rules, WAF rule configuration, IDS/IPS signature updates, etc.
  • Manage the third-party network security service provider to ensure optimization of delivery and partnership engagement.
  • Creation, updating and ensuring adherence to the Cloud Network & Network Security architecture roadmaps.
  • Conduct research on network and network security products, services, protocols, and standards to remain abreast of developments in the networking industry.
  • Participate and feed into both network and network security architecture, engineering, and operations teams.
  • Coordinate with cross-functional groups to ensure project timeline and customer service deliverables are met.
  • Look for opportunities to improve the network security performance and management including coordination with SRE engineers to increase application and supporting network resiliency.
  • Maintain accurate and current documentation of the cloud network security environment.
  • Interact with application and other infrastructure personnel to develop and support secure, network-aware applications.
  • Contribute towards the continued development of the Bank's overall business continuity plan.
  • Help define the Network and Network Security Architecture that will enable our business to thrive.
  • Leverage IaC best practices to deploy, operate, and scale critical infrastructure.
  • Develop IaC, build pipelines, and deploy infrastructure following best practices and defined standards.
  • Collaborate with other teams in the development of a seamless Network and Network Security automation framework.
  • Work closely with the management team and Agile coaches to transform requirements into tangible deliverables.
  • Adhere to and comply with applicable federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
  • Adhere to Bank policies and procedures and complete required training.
  • Identify and report suspicious activity.

Requirements

  • Bachelor's Degree in Business Administration or related fields or comparable experience in Computer Information Systems, and/or Engineering with the appropriate emphasis in Cloud and Enterprise networking and security design/administration required.
  • Experience with AWS network services such as CloudFront, VPCs and subnets, Direct Connect, Transit Gateway, NACLs & Security Groups, WAF, etc. required.
  • Experience with AWS native network security controls, e.g. AWS Firewall Manager, WAF, GuardDuty, etc. required.
  • Experience in AWS network and application load balancing required.
  • Experience with Terraform for IaC (infrastructure as code) and automated deployment of cloud infrastructure assets required.
  • Experience with New Relic, AppDynamics, or similar Application Performance Monitoring required.
  • Experience with SIEM technology (both facilitating the ingestion of network/network security logs and the correlation thereof) required.

Nice-to-haves

  • Experience with securing Meraki Wireless Technologies preferred.
  • Experience with multi-cloud networking design preferred.
  • Experience with AWS multi-region network resiliency design preferred.
  • Experience with AWS Organizations (or Azure Management Groups/Policy) for global cloud account policy enforcement preferred.
  • Experience with AWS Route 53 and Azure DNS preferred.
  • Experience as a network security engineer, preferably in environments with Palo Alto, Check Point, Zscaler, etc., preferred.
  • Experience with VPN and secure remote work enablement tools preferred.
  • Experience with AWS Certificate Manager or other certificate management solution preferred.
  • Experience with global WAF and load balancing services such as Cloudflare and Akamai a plus.
  • Experience with KMS is a plus.
  • Experience with Okta, Microsoft Entra, and/or IAM policies is a plus.
  • Experience creating Network and Security Diagrams using Visio and/or Lucidchart preferred.

Benefits

  • Tuition reimbursement
  • Career coaching
  • Courses and training through GO FOR MORE™ Academy
  • Mentoring opportunities through iCARE™ program
  • Hybrid work environment
  • Remote work environment for designated positions
  • Work-life balance with retail branches operating Monday - Friday, excluding evening and/or weekend hours.