Support cloud controls to holistically enable the Anthem’s Cloud Security strategy and share considerations into improving security methodology, program capabilities and focus areas for maturity for the following areas:
· Visibility Cloud services are provisioned within enterprises with proper management and oversight.
· Security is integrated into business awareness.
· Compliance models for cloud;
· Data properly protected at rest and in transit.
· Accountable for effectual partnerships with peer teams to drive secure design, implementation and orchestration of complex, multi-product solutions for cloud systems.
Primary duties may include, but are not limited to:
· Act as an advocate of information security policies, standards, and controls and as an enabler to the business while managing risk appropriately
· Provide mentorship and knowledge transfer to security team members
· Excellent communication skills -able to effectively and professionally collaborate with company stakeholders and business partners
· Ability to think strategically, plan methodically, and execute tactically
· Take ownership of personal and professional development and training needed to excel
· Evaluate and recommend new products, maintain knowledge of emerging technologies, cloud security standards and regulations for application to the enterprise
· Support initiatives to secure cloud solutions by specifying methodologies; implementation and calibration; preparing preventive, detective, and reactive security measures, and support documentation
· Identifying, communicating, and mitigating security risks in on-premises or hybrid/multi-cloud deployments
· Producing metrics to measure the efficacy and effectiveness of the responsible areas of security program and reporting regularly
· Gather requirements, plan, and assess the current configuration
· Work with outside vendors and consultants to successfully test and integrate new technology
· Demonstrate good judgment in solving problems as well as identify problems in advance and propose solutions
· Ensure compliance with company policies and standards
· Aid vulnerability management and help resolve findings of security assessments and other risk management activities
· Respond to information security incidents/tickets in a timely manner
· Help the security team to maintain a level of excellence
· Develop and evaluate performance metrics to establish process success
· Design, document and implement procedures and techniques that are consistent with best practices for analyzing and evaluating the risk (software & business), accuracy, completeness, internal integrity/consistency, testability, and overall quality of system
· Research emerging technologies and identify opportunities for adoption
· Track operations and constantly look for ways to make things work better, faster, and smoother
· Collaborate on and adhere to security engineering standards, methodologies, and sustainable processes
· Prefer BS/BA in related field; or any combination of education and experience, which would provide an equivalent background
· Requires 5+ years’ experience within IT – developer, Security, System Automation, AWS; or any combination of education and experience, which would provide an equivalent background.
· Demonstrated troubleshooting skills.
· Strong scripting / coding skills (Python, Java, C#).
· Familiarity with Terraform and/or CloudFormation (e.g., JSON).
· 5+ years of experience in cloud security, engineering, network security
· Knowledge of leading practices for security design, implementation, and support of public and private cloud services
· Strong understanding of multi-cloud platforms (Azure, O365, AWS, etc.) to be able to identify and prioritize potential security challenges
· Hands-on experience with cloud security, firewalls, DMZ, VPN, and intrusion detection technologies
· High level of knowledge associated with incident response activities in a distributed environment
· Security, cloud, or networking certification preferred (e.g., CCSP, SSCP, CISSP, CCSK, CCNA)
· Familiarity with security industry standards (ISO 17799, NIST 800 series, etc.) and best practices
· Working knowledge of network and/or security technologies
· Knowledge of security auditing procedures.
· Understanding of containers and Microservices
· Knowledge or experience with automated security validation or event-driven automation.
· Clear understanding of overall systems architecture and how to leverage specific components.
· Understanding of Cloud infrastructure environments and the challenges associated with Enterprise integration, with demonstrated ability to grasp and contribute to big-picture strategy.
· Experience in hands-on roles, with knowledge of security-focused or automation tasks.
· 3 years’ experience in systems administration and security aspects of enterprise information systems, networking, systems development and management lifecycle;
· significant experience with multiple technical and business disciplines required; requires broad-based experience to plan and design highly complex systems; or any combination of education and experience, which would provide an equivalent background
· Demonstrated experience or substantial knowledge in supporting competencies in cloud security standards and controls
· Demonstrate high degree of technical security tooling in commercial cloud environments and diverse experience within platform security and applications experience to enable native cloud solutions
· Technical expertise to understand multiple cloud platforms (AWS, GCP, Azure)
· Technical and conceptual knowledge of configurations in cloud platforms and expertise of AWS security stack e.g. Cloud trail, Cloud watch, Guard Duty, Config, etc.
Preferred experience, knowledge or certifications:
· Cloud Security–related certifications.
· Experience in programmatic integration with ticketing and asset management systems.
· Strong verbal/written communication skills.
· Demonstrated teamwork skills, with the ability to thrive in a fast-paced work environment.
· Demonstrated ability to work independently with little or no supervision.
· Experience in aggregating automation metrics and reporting.
· Anthem Cloud experience is strongly preferred.