Surescripts - Raleigh, NC

posted about 1 month ago

Full-time - Senior
Raleigh, NC
251-500 employees
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Senior Cloud Security Engineer - GCP is responsible for architecting, deploying, and operating secure cloud infrastructure that meets business needs. This role focuses on enhancing the company's security posture within its cloud computing environment, assessing threats, and implementing security measures to protect the business from risks associated with cloud technologies.

Responsibilities

  • Develop and maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
  • Secure business applications and computing environments across commercial, private or hybrid cloud infrastructures.
  • Protect business applications in compliance with privacy, security, business resiliency and compliance frameworks as defined in corporate policies.
  • Maintain a consistent, secure cloud security environment and conduct rigorous oversight of security systems and security configuration administration.
  • Deploy strong identity and access management (IAM) controls across applications and computing environments.
  • Assist with development, maintenance, and utilization of scripts (e.g., Python, Ruby, PowerShell, JavaScript) to support custom extract, transform load (ETL) tools with a security focus for data flow.
  • Attend regular technical project and implementation meetings and serve as the security consultant to help guide secure cloud application and infrastructure configurations.
  • Actively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats posing risk to cloud computing environments.
  • Manage remediation efforts after security assessment findings identify weaknesses requiring attention.
  • Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
  • Assist in maintaining strong oversight with cloud computing vendors and solution providers to safeguard against undue risk presented by external entities.
  • Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
  • Serve as a key resource in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement with security operations and incident response teams.
  • Attend and fully engage in change and project management meetings.
  • Produce security metrics for security and business leaders.
  • Provide and participate in cross training to ensure business continuity.
  • Perform other duties as assigned.

Requirements

  • Bachelor's degree in computer science, information systems, MIS or related field, or equivalent experience.
  • 5+ years of experience in progressive, related experience in cybersecurity as a practitioner.
  • 2+ years of experience with Google Cloud Platform (GCP).
  • Strong Linux and Windows support skills.
  • Experienced in cloud networking architecture and cloud operations.
  • Familiarity with tools such as Terraform, Git, Jenkins, Chef, Puppet and Salt.
  • Network and encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP and public key infrastructure (PKI).
  • Familiarity with security solutions such as CrowdStrike, Tenable, XSOAR, Proofpoint, Splunk.
  • Experience with scripting languages such as Python, Ruby, PowerShell and JavaScript.
  • Experience and understanding of various regulatory requirements and laws, including but not limited to: HITRUST, HIPAA, NIST, SOC2.
  • Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
  • Cyber security experience and proficiency in: API's, infrastructure layers, hardware, OS, virtualization, storage, network, database and other related systems and technologies, information security risk and vulnerability remediation, automation and scripting, network monitoring, malware protection and analysis, intrusion detection and SIEM systems.
  • Solid understanding of data security requirements, policies, compliance, auditing and regulatory processes.

Nice-to-haves

  • Holds or working toward one or more: CCSP, CISSP, GCP Certification.

Benefits

  • Comprehensive healthcare (including infertility coverage)
  • Generous paid time off including paid childbirth and parental leave and mental health days
  • Pet insurance
  • 401(k) with company match and immediate vesting
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service