Cloud Security Engineer

The salary of the finalist selected for this role will be set based on a variety of factors, including but not limited to departmental budgets, qualifications, experience, education, licenses, specialty, and training. The above hiring range represents the University's good faith and reasonable estimate of the range of possible compensation at the time of posting.

Position Summary

The Cloud Security Engineer will report to the Chief Information Security Officer.

This security engineer will conduct reviews of complex information systems, platforms, and processes in accordance with established regulations and organizational standards. This candidate will be the lead Information Security principal responsible for ensuring that cloud infrastructure and applications are deployed with the highest level of security safeguarding CUIMC's vital cloud and mixed infrastructure environment.

They will also assist with IT security operational tasks, incident response, deployment of managed systems, and drive process improvements through the effective use of deployed systems, especially between Security Operations and Information Security Risk Assessment, Networking, IT Help Desk, IT Stakeholders, and other business process owners.

Responsibilities

ESSENTIAL FUNCTIONS

• Coordinating and leading Cloud security analysis, investigations, and application deployments. 60%
• Process improvement through the effective use of deployed systems MCAS, AWS Config, SEIM's, DLP. 20%
• Support and engage Information Security Operations engineers on projects and security initiatives. 10%
• Additional duties as assigned. 10%
• Document and define baseline configurations necessary to ensure that cloud applications are instantiated with appropriate security standards in place.
• Propose adequate authentication protocols, processes and components to support secure cloud application access.
• Support security design and architecture by identifying and communicating complex cloud application design principles to relevant stakeholders.
• Perform in-depth reviews to identify security gaps and validate overall security posture of third-party cloud applications.
• Evaluate and propose add-on components essential to address cloud security requirements for institutional and regulatory compliance.
• Identify security requirements for adequate logging and SecOps monitoring of cloud tools to support event alerting and metrics delivery for security improvements.
• Create / develop in-house security tools to support automated compliance checking of cloud app security environments.
• Lead and support as necessary investigations of cloud related security incidents.
• Deploy and manage secure Cloud working environments for ISO operations.
• Perform other related duties and responsibilities as assigned / requested.

Minimum Qualifications

• Bachelors Degree or equivalent in education and experience, plus four years of experience.

Preferred Qualifications

• Strong foundational knowledge of GCP, AWS, and Azure security principles and components, including SaaS, PaaS, IaaS infrastructures.
• Strong knowledge and operational understanding of cloud security components such as CASB, cloud configuration templates, cloud resource monitoring, cloud access and authorization (SAML, OATH etc.).
• Considerable exposure to cloud security frameworks, including cloud container security and application containerization.
• Proficiency in programming and / or scripting, with particular emphasis on cloud-based languages (Python, .NET, Node.JS, Golang, Ruby, etc.).
• Demonstrated experience with the capabilities and APIs of multiple major cloud providers (AWS, Google, Azure)
• Ability to evaluate cloud security risks and recommend appropriate security controls.
• Demonstrated experience in securing enterprise systems with a mix of cloud and on-prem environments.
• Strong Knowledge of both network and system-level vectors of cloud-based attacks.
• Proficiency in determining the root cause of security issues and a solid understanding of exploits and vulnerabilities.
• Familiarity with web application security vulnerabilities, such as XSS, SQLi, CSRFs.
• Good understanding of Microsoft enterprise environments and integration to secure applications and cloud systems.
• Extensive experience in applying appropriate security principles in a dynamic environment that prevents unauthorized access to the network or parts of the network.
• Knowledge of cryptography as it relates to application and network security.
• Ability to prepare both executive and detailed reports on risk findings and status. Ability to develop remediation plans and guide departments with remediation strategy. Strong service commitment, and verbal, writing, and reporting skills.
• High level of integrity, and sound judgment concerning security and privacy.
• Good written and verbal communication skills.
• Ability to understand and work with healthcare professionals, educators, researchers, students, and administrative staff.
• Ability to work independently with minimal supervision as well as be creative and innovative at conducting a high volume of risk analyses while reporting accurate and relevant risks to the appropriate constituents.
• Strong background information security practices with significant experience in a complex, multiplatform, higher education or healthcare IT environment.

Other Requirements

• Professional Cloud Security and Design training (CCSP, CCSK, PCSE).
• Experience working in a HIPAA / HITECH / OMNIBUS-regulated environment. Functional knowledge of the HITRUST CSF based on practical working experiences and a functional knowledge of security standards such as HIPAA / HITECH, PCI-DSS, ISO 27001 / 2, NIST
• Experience working in an academic medical center or hospital environment a plus.
• Project planning or team lead experience.

GIAC Cloud certification (GCLD, GWEB, GPCS, GCSA, GCPN), any cloud platform certification (AWS, GCP, Google).

Equal Opportunity Employer / Disability / Veteran

Columbia University is committed to the hiring of qualified local residents.