Description

• Engineer and maintain security solutions in a dynamic private and public cloud environment 
• Secure applications and infrastructure in a large multi-account AWS Organization 
• Conduct detailed assessments of systems, applications, and infrastructure to ensure they are appropriate, secure, and defensible based on least privilege
• Respond to and mitigate security incidents (ex. threat hunting, event analysis, investigations, post-incident analysis, etc.) 
• Develop and implement security strategies and policies to protect the organization's cloud assets 
• Integrate security tools into SIEM and SOAR platforms to feed to security operations
• Serve as a subject matter expert and provide expertise on topics related to cloud security 
• Enhance enterprise security posture to better protect against attacks and detect new threat vectors
• Assess and analyze security risks, recommending and implementing measures to mitigate identified risks
• Self-organize and prioritize activities independently. 
• Create and maintain documentation and perform status reporting. 

• Bachelor of Science degree in Computer Science, Information Assurance, or a related field with a minimum of 5 years hands-on experience in a security engineering role
• Industry relevant professional certifications including but not limited to: CISSP, CCSP, GIAC Cloud Security Automation (GCSA), GIAC Cloud Penetration Tester, (GCPN), SANS GIAC Public Cloud Security (GPCS), CCSK, AWS Solutions Architect – Associate, AWS Solutions Architect – Professional, AWS Certified Security – Specialty 
• Strong understanding of security in core AWS services (EC2, ECS, Lambda, IAM) 
• Strong understanding of serverless technologies and security implications deployed in public cloud – AWS Lambda, Containers (ECS Fargate, EKS) 
• Experience in engineering cloud security guard rails in AWS/Azure 
• Expertise in securing container images at rest, build, and runtime 
• Experience with Cloud Security Posture Management (CSPM) tools (ex. AWS Config, Cloud One Conformity, Wiz.io, AWS Security Hub, Azure Security Center) 
• Experience with Key Management - Privileged account management solutions in the cloud for key management, service account and secrets management, rotation, and event response, including tools such as Secret Server (Thycotic), Vault (HashiCorp), Cloud KMS, or similar tool set
• Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation
• Ability to mentor and train team members to work effectively and securely in the cloud 

• Hands-on experience implementing security tools into CI/CD pipelines 
• Experience with web application security and penetration testing 
• Experience with Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions
• Experience with various virtualization and cloud technologies including on-prem virtualization, SaaS, PaaS, & IaaS
• Experience with both Windows & Linux based operating systems
• Knowledge of risk management and NIST Cybersecurity Framework controls 
• Working knowledge with automation and monitoring platforms 
• Experience operating security training and awareness programs 

• Competitive compensation, benefits and generous time-off policies
• 4-Day summer work weeks and a winter holiday break
• 401(k) / DCPP matching
• Annual bonus program
• Casual, dog-friendly, and innovative office spaces

• 10X Virginia Business Best Places to Work
• 9X Washingtonian Great Places to Work
• 9X Washington Post Top Workplace
• St. Louis Post-Dispatch Best Places to Work 

About CARFAX

CARFAX, part of S&P Global Mobility, helps millions of people every day confidently shop, buy, service and sell used cars with innovative solutions powered by CARFAX vehicle history information. The expert in vehicle history since 1984, CARFAX provides exclusive services like CARFAX Used Car Listings, CARFAX Car Care, CARFAX History-Based Value and the flagship CARFAX® Vehicle History Report™ to consumers and the automotive industry. CARFAX owns the world’s largest vehicle history database and is nationally recognized as a top workplace by The Washington Post and Glassdoor.com. Shop, Buy, Service, Sell – Show me the CARFAX™. S&P Global Mobility is a division of S&P Global (NYSE: SPGI). S&P Global is the world’s foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets.

CARFAX is an Affirmative Action/Equal Opportunity Employer. It is the policy of CARFAX to provide equal employment opportunity to all persons regardless of race, color, sex, pregnancy, religion, national origin, age, ancestry, citizenship status, veteran status, military status, disability or handicap, sexual orientation, genetic information or any other status protected by federal, state or local law. In addition, CARFAX will provide reasonable accommodations for qualified individuals with disabilities. We maintain a drug-free workplace. We are a participant in E-Verify.