Cloud Security Engineer
1) The tissue in plants that brings water upward from the roots;
2) a leading global water technology company.
We’re a global team unified in a common purpose: creating advanced technology solutions to the world’s water challenges. Developing new technologies that will improve the way water is used, conserved, and re-used in the future is central to our work. Our products and services move, treat, analyze, monitor and return water to the environment, in public utility, industrial, residential and commercial building services settings. Xylem also provides a leading portfolio of smart metering, network technologies and advanced analytics solutions for water, electric and gas utilities. In more than 150 countries, we have strong, long-standing relationships with customers who know us for our powerful combination of leading product brands and applications expertise with a strong focus on developing comprehensive, sustainable solutions.
For more information on how Xylem can help you, go to www.xylem.com
Sensus, a Xylem brand, helps a wide range of public service providers – from utilities to cities to industrial complexes and campuses – do more with their infrastructure to improve quality of life in their communities. We enable our customers to reach farther through the application of technology and data-driven insights that deliver efficiency and responsiveness. We partner with them to anticipate and respond to evolving business needs with innovation in sensing and communications technologies, data analytics and services. Learn more at sensus.com and follow @SensusGlobal on Facebook, LinkedIn and Twitter.
The Role: The Cloud Security Engineer will support the Sensus Managed Services Security Operations Manager in providing the highest quality of security engineering solutions to our Sensus SaaS and Xylem Xcloud clients. The Cloud Security Engineer will be help design, implement, assess, and deploy cyber solutions. This role is primarily focused on threat protection and enhancing the security of the AWS environment. This includes responsibility for day-to-day activities, security operations and the information security of the LAN, WAN, VPCs, and server infrastructure in our NA data centers and AWS. The Cloud Security Engineer will be responsible for development, implementation and maintenance of security solutions, including the ongoing assessment, tracking of and adherence to required security policy, guidelines and best practices across the customer solutions computing environment and will execute security policy, processes, procedures and protocols for networks and monitoring and will be responsible for keeping current with related security technology trends applicable to the environment. We are looking for someone with a strong background in security engineering and a proven ability to deliver under pressure in a 24/7 supported operations environment.
Duties and Responsibilities
- Provide subject matter expertise in Cloud technologies and support security documentation by providing SME input into policy, standards, and guidelines
- Conceive new solutions to problems and take them through rapid prototyping, validation, iterative development and continuous test and deployment.
- Design and implementation of security technology solutions related specifically to security requirements of cloud hosted systems
- Design, architect, and implement network security features and functionality such as network access controls, inbound and outbound traffic filtering and monitoring, subnetting for isolation, etc
- Research, evaluate, design, test, recommend, and implement network security tools such as proxy servers, IDS/IPS tools, DDoS prevention tools, etc.
- Research emerging technologies in support of operational security control implementation and enhancements
- Administer network security and computing devices/systems that enforce security policies and controls in the Xylem/Sensus cloud environments
- Support a wide range of security technologies including, but not limited to: SIEM, NIDS/IPS, HIDS, malware analysis and protection, logical access controls, identity and access management, data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, LDAP, forensic analysis software and security incident response
- Respond to external audits, penetration tests and vulnerability assessments
- Develop a library of deployable and documented cloud design scripts, processes, and procedures
- Perform project leadership tasks on select security projects
Skills and Competencies
- Experience with AWS management tools such as AWS Config, Cloudtrail, Cloudwatch, Systems Manager, Trusted Advisor, WAF, etc.
- Experience with Cyber-Ark, TrendMicro Deep Security, SafeNet/Gemalto Authentication, Tenable Security Center, Nessus Scanner, Qualys, Passive Vulnerability Scanner, ArcSight SIEM, ArcSight Logger, Twistlock, Sumo Logic.
- Experience with build/deployment tools and related environmental artifacts (such as Salt, Chef, Jenkins, Jira, Subversion and Git)
- Proven project management and organizational skills, specifically managing multiple concurrent projects
- Experience securing and supporting MongoDB, CouchDB or Cassandra
- Understand how to design and implement security tests in accordance with stated criteria
- Superior analytical, problem solving and decision making skills, applied with a solution-focused attitude
- Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
- Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
- Experience with the Atlassian Tools (Jira, Confluence, Bitbucket)
- Excellent teamwork skills
- 3 or more years of experience with the secure design and deployment of systems using AWS
- 3 or more years of experience with AWS security services, including: IAM, CloudWatch, CloudTrail, KMS, and/or Inspector
- 3 or more years of experience designing, developing and/or deploying security tools and technologies for cloud architectures
- High degree of comfort using containerization technology, minimally including Docker and Kubernetes
- Must have solid background with Linux, Windows OS and network security
- Proficiency with firewalls and rule reviews, IDS/IPS (Network and Host level), vulnerability assessment tools, DLP, Wireless IDS/IPS, sniffers, TCP/IP protocol stack and the OSI layer, content management and filtering systems, VPN, remote access AAA, application white listing, password management/vaults, log management and correlation, and device/application hardening requirements
- Senior-level working knowledge of AWS tools including: VPCs, security groups, EC2, Route53, IAM, KMS, S3, CloudFormation, CloudWatch, Shield, WAF, etc.
- Proficiency in vulnerability management. Specifically with Nessus, Security Center, Tenable.io
- Experience with configuration management and automation (Terraform, Jenkins, DSC, Ansible, etc.)
- Proficient with OpenStack, Google Cloud Platform, Azure and/or IBM Cloud
- Experience maintaining unified security solutions across disparate cloud technologies, accounts, services, and landscapes
Certifications and Education
- Bachelor’s Degree in Information Systems, Computer Science, Computer Engineering, Information Security or related field required.
- Required: Certified Information Systems Security Professional (CISSP), AWS Certified Security Specialty
- AWS Certifications (Developer, DevOps Engineer, Solutions Architect, etc) – Strongly Preferred
- Any of the following a plus: CISA, CEH, CSSLP, CHFI, CCSP, GCIH, GCIA, GSEC, PMP
Key traits for success in this role
- Flexible: Adjusts job responsibilities to accommodate changing priorities while managing multiple tasks and projects
- Composed: Remains calm under pressure, relates in a professional manner with colleagues throughout the organization at all times
- Organized: Demonstrates strong organizational and time management skills, attention to detail and accuracy, and punctuality
- Team-oriented: Takes ownership of assigned tasks and projects while supporting and assisting other team members
- Work ethic: Confidential, empathetic and diplomatic in all interactions; anticipates varying inquiries; demonstrates good instincts; adapts to changing priorities and manages expectations accordingly
(The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
- Regularly required to sit or stand, reach, bend and move about the facility
(The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
- Office: Standard office equipment; work usually performed in an office setting free from any disagreeable elements.
- Standard weekly job hours: 40 hours
Xylem is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.