GuidePoint Security is hiring a
Cloud Security Engineer

Summary

Join GuidePoint Security as a Cloud Security Engineer and partner with customers to advise, develop, implement, and run CNAPP Cloud Security tools. As part of a growing team of highly skilled cybersecurity experts, you will constantly learn about and utilize the newest cloud security technologies.

Requirements

• At least 3 years of experience working in Cloud Security with Amazon AWS, Microsoft Azure, or GCP
• Experience with Cloud Security tools like: Wiz.io, Orca, Lacework, Trivy, Aqua, Ermetic or Prisma Cloud
• Experience with integrating tools into development pipelines such as Azure DevOps, Jenkins, Etc
• Understanding of a broad range of Cloud Security issues as well as their mitigation strategies
• Understanding of Cloud Security-related vulnerabilities
• Experience developing code in Terraform, Python, PowerShell, Rego, and other languages
• Written communication skills for written interactions with clients
• Strong communication skills include articulating thoughts and refining complex problems into digestible information clearly
• Ability to manage time independently while handling multiple projects concurrently
• Bachelor’s degree in computer science or information Security preferred
• Cloud Security certifications are preferred

Responsibilities

• Perform implementation of CNAPP and CSPM tools in multi-account AWS and Azure environments
• Implement IaC scanning tools within the CI/CD Pipelines
• Develop Infrastructure as code in Cloud Formation or Terraform
• Develop custom control checks within CNAPP Platforms using JSON, REGO, or Terraform
• Analysis – identifies and evaluates potential threats and vulnerabilities to the public cloud environments network, applications, infrastructure, and systems
• Issue Resolution – leads the resolution of identified issues in public cloud environments. Vulnerabilities – Cloud, System, and Application
• Compliance – CIS, NIST, AWS, and Azure best practices
• Cloud Entitlements – Excessive Permissions and various IAM best practices
• Secrets – unprotected secrets on VMs, Containers, and IaC repositories
• IaC – misconfigurations and vulnerabilities within developed IaC
• Deep understanding of Kubernetes and microservices security best practices
• Performs container registry scanning
• Reviewing and creating metrics, KPIs, and KRIs to track overall cloud security posture
• Create, maintain, and update runbooks for cloud configuration checks
• Assess the overall security posture of cloud security infrastructure and workloads
• Advise customers on Cloud security best practices

Benefits

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• 100% employer-paid medical premiums (employee only $0 deductible and HSA plans) along with 75% employer-paid family contributions
• 100% employer-paid dental premiums (employee only) along with 75% employer-paid family contributions
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option