Cloud Security Engineer

Scope of Work: The Cloud Security Engineer will work closely with the Integration Modernization team to design, implement, and monitor security measures across various integration tools. They will ensure the integrity, confidentiality, and availability of data as it flows between systems. The security engineer will also assist in defining policies and best practices for integrating TIBCO, APIGEE, Kafka, and any future tools. This role will involve both strategic planning and tactical implementation.

Key Responsibilities:

1. Security Assessment and Risk Management:
   • Conduct security risk assessments for integration tools (TIBCO, APIGEE, Kafka, etc.)
   • Identify and mitigate potential vulnerabilities in cloud-based architectures.
   • Ensure proper encryption and key management protocols are in place.
2. Architecture and Design:
   • Collaborate with solution architects to design secure integration architectures, ensuring proper authentication, authorization, and data protection across the platforms.
   • Work with cross-functional teams to integrate security into DevOps pipelines, CI/CD workflows, and API lifecycle management.
3. Tool and Platform Security:
   • Ensure security configurations of TIBCO, APIGEE, Kafka, and other integration tools are aligned with industry standards and organizational policies.
   • Manage security integrations with the client's identity management systems.
4. Monitoring and Incident Response:
   • Set up continuous monitoring for security events and anomalies across the integration platforms.
   • Respond to security incidents and provide remediation guidance in the event of breaches or vulnerabilities.
5. Compliance and Auditing:
   • Ensure compliance with relevant industry standards and regulations (e.g., GDPR, HIPAA, SOC 2, etc.) for the tools and services in use.
   • Conduct regular audits of security controls and recommend improvements as needed.
6. Documentation and Knowledge Transfer:
   • Maintain up-to-date security documentation for each platform transferring monitoring and incident response to the Security Operations Center.
   • Conduct knowledge transfer sessions for the wider IT and security teams to ensure ongoing security practices are followed.

Skills and Experience Required: The ideal candidate will have a combination of the following skills and experience:

Technical Skills:

• Cloud Security Expertise: Experience securing cloud-based architectures, including AWS, Azure, or Google Cloud.
• Integration Platforms: Deep knowledge of integration tools such as TIBCO, APIGEE, and Kafka with a focus on security.
• API Security: Expertise in securing APIs using industry-standard protocols (OAuth 2.0, OpenID Connect, JWT, etc.).
• Network Security: Knowledge of securing microservices, messaging systems, and network communication in hybrid and multi-cloud environments.
• Identity and Access Management (IAM): Experience implementing IAM solutions for integration platforms, including SSO, RBAC, and MFA.
• DevSecOps: Familiarity with CI/CD pipelines and automating security controls within development processes.

Experience:

• 5 years in cloud security or security engineering, with at least 2 years of direct experience securing integration technologies.
• Experience working in large-scale enterprise environments, particularly in industries where security and compliance are critical.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.