This position is a direct-hire opportunity in Metro Detroit.
This role involves guiding and mentoring team members in
resolving cloud-related issues, responding to security incidents, and developing and
implementing cloud security best practices across the organization. Additionally, the Senior
Cloud Security Engineer will assist in the monitoring, analysis, and investigation of security
events within the Trust’s environment and play a key role in supporting the incident response
process.
Roles and responsibilities
• Security Controls Management: Implement, manage, and monitor robust security controls
for Azure cloud, SaaS environments, and legacy on-premise environments, helping to
ensure protection across all platforms.
• Threat Modeling & Security Assessments: Conduct comprehensive threat modeling and
security assessments for cloud infrastructure. Prioritize security risks and address
vulnerabilities that impact the Trust’s capacity to safeguard, detect, investigate, and
recover from security incidents.
• Security Reviews: Perform security reviews on high-risk Azure features, including design,
source code, or final product evaluations. Leverage or develop new tools (e.g.,
static/dynamic analysis) to increase work efficiency and quality. Lead efforts to address
security flaws and proactively implement security hardening measures to mitigate future
vulnerabilities.
• Manage Defender for Cloud settings and configurations. Work with the infrastructure team
to remediate security- and compliance-related gaps.
• Collaboration: Work closely with IT and other cross-functional teams to secure cloud
infrastructure and SaaS applications, incorporating IT and compliance risk considerations
in security implementations.
• Container Security: Ensure the security of containerized applications through the
application of Kubernetes and microservices security best practices. Architect secure
container environments, including Kubernetes clusters and Docker setups, with an
emphasis on vulnerability reduction and compliance.
• Integration of Security in SDLC: Collaborate with cross-functional teams to integrate
security best practices into the software development lifecycle (SDLC) and continuous
integration/continuous deployment (CI/CD) pipelines.
• SOC Tools & Technologies: Maintain operational readiness and optimize configurations of
SOC-related tools and technologies such as SIEM and Vulnerability Management systems.
Partner with the Managed Security Service Provider (MSSP) to investigate security events
and incidents.
• Incident Response: Manage incident response workflows and assist with security incident
investigations, ensuring rapid and effective responses.
• Automation & Optimization: Implement and maintain event correlation rules, dashboards,
and scripts to automate tasks and enhance security monitoring processes.
• Policy & Standards Development: Contribute to the creation and refinement of security
policies, standards, and incident response playbooks to enhance organizational security
postures.
• Security Project Leadership: Lead or significantly contribute to high-profile security
projects, ensuring alignment with the Information Security Strategy while adhering to
financial constraints.
Required Experience
• 5+ years of experience in Information Security. At least 3 years of Azure security
experience.
• In-depth knowledge of a wide variety of Microsoft Azure products and services.
• Deep experience in cloud security, including IaaS, PaaS, and SaaS.
• Experience with cybersecurity frameworks such as CSM, NIST CSF, ISO 27001, or CIS
Controls. A general understanding of COBIT is preferred.
• Experience in programming (Python, .NET or C# or equivalent).
• Experience with writing tools, automation, and enhancements in arbitrary subcomponents
of services/products to deliver and manage software in production (both around services,
and within them).
• Experience with PowerShell/scripting and Windows Services infrastructure to automate
day-to-day activities.
• Flexibility to work outside of business hours in the event of an emergency is required.
• Team-oriented and skilled in working within a collaborative environment.
• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Strong written, oral, and interpersonal communication skills.
• Exceptional interpersonal skills, with a focus on listening and questioning skills.
Preferred Experience / Credentials
• One or more of the following certifications: CISSP, CCSP, CompTIA Security+; SANS-GIAC
certification (GCIH, GREM, GNFA, GPEN, GWAPT), EC-Council CEH, or other
relevant security certifications.
• Experience in the Healthcare and/or Finance Industry.
Leadership Competencies
Leaders of the Trust are expected to demonstrate relevant leadership competencies as
specified in the Trust’s competency definitions.
Personal Effectiveness Competencies
All employees of the Trust are expected to demonstrate relevant personal effectiveness
competencies as specified in the Trust’s competency definitions.
Working Conditions and Physical Effort
• The physical requirements of this position are typical of office work.
• Travel as required between Trust sites.