Cloud Security Architect

Are you a cloud security expert with deep experience across AppSec, InfoSec, infrastructure, and DLP? Do you want to help shape, design, and execute secure architectures across Azure and AWS while managing complex enterprise security initiatives? If so, then you might be Fivesky’s next Cloud Security Architect!

Who you are:

• A strategic thinker with a Bachelor’s (and 5+ years) or Master’s (and 1+ year) in Computer Science, Computer Engineering, or a related field.
• Experienced in Cloud Security Architecture or as an Information Security Engineer, specifically with enterprise-grade systems.
• Deeply familiar with cloud platforms like Azure and AWS, including services across IaaS and PaaS environments.
• Comfortable working in regulated, enterprise environments with complex security and compliance requirements.
• Able to create processes, develop and design plans, and manage security team execution.
• Experienced in stakeholder collaboration, documentation, and the delivery of security solutions at scale.

It would be awesome if you had:

• Experience onboarding complex applications and leading cloud migration efforts from on-prem to cloud.
• Proven ability to design and implement security solutions aligned to industry best practices and regulatory standards.
• A history of writing and maintaining cloud security documentation, standards, and Security Reference Architectures.
• Hands-on experience acting as an SME for AppSec, InfoSec, or infrastructure security across cloud environments.
• Conduct collaborations across architecture and engineering teams in large organizations.

What you will do:

• Create processes, develop and design plans and manage security team execution.
• Work closely with stakeholders and present documentation and security solutions
• Act as an SME when it involves AppSec, InfoSec, or Infrastructure security around Cloud, designing and architecting solutions for your organization.
• Collaborate with other teams involved in architecture design.
• Identify potential risks of projects, document and address those risks and work with other teams to resolve the issue.
• Work with design, testing, and integration of security controls within an Enterprise environment.
• Provide hands-on direction with application, technology risk management, and/or infrastructure security assignments.
• Assess current security processes and offer recommendations to all levels within the organization up to the C Suite.
• Perform thorough documentation of the development and implementation of processes.
• Define strategy for the secure use of cloud services. Develop security requirements governing the use of individual cloud services and collections of cloud services in a design pattern.
• Document security controls, requirements, designs, and configurations.
• Engage proactively with customers to better understand their needs and risks.
• Assess current risk associated with cloud services, and the change in risk posture over time as cloud security controls are implemented.
• Advise Data Loss Policy development as per company’s evolving business needs and configure DLP policies to prevent data loss in email and web traffic.
• Perform DLP three-tier installations and version upgrades for production, along with conducting periodic health checks and performance assessments.
• Create procedures and workflows for production deployment and publish fixes in knowledge base.
• Configure Network scans on appropriate DLP detection servers to identify stored sensitive information at-rest and quarantine data classified as Restricted.
• Generate data indexes/fingerprints remotely to be later used in detection rules within DLP policies for exact data match (EDM) detection.
• Integrate/Extend DLP capabilities to cloud applications for monitoring protected data-in-motion and data-at-rest using Cloud Access Security (MCAS/CASB).
• Automate various aspects of security procedures using scripting languages based on Operating system in use.
• Configure detection server settings to route network traffic through specific TCP ports for different network protocols.
• Build DLP detection rules to monitor information being stored and transferred over different TCP ports from endpoint devices.
• Configure prevent actions for protocols like HTTP/S, FTP, SMTP, SMB, SFTP, etc., including web block, email encryption and quarantine response rules for outgoing traffic.
• Troublehoot Network issues relating to Firewall, traffic routing, network proxy, gateway — involving application and transport layer network protocols.
• Develop Proxy auto config (PAC) files to route network traffic through defined proxy servers and configure IP addresses of specific ‘Network Prevent’ DLP detection servers to use ICAP protocol.
• Understand network diagrams and network technologies like VPN tunneling, Network Address Translation (NAT), OSI model, LAN/WAN, SSL, packet trace analysis, etc., for structuring the DLP network architecture and network traffic routing.
• Collaborate with Operations team to support troubleshooting of production issues and perform root cause analysis on data loss due to detection fails on network or email traffic from the DLP system.

Who we are: 

• Fivesky is a fast-growing, global technology solution provider. We partner with the world’s largest financial service firms to deliver networking/infrastructure, cybersecurity, and cloud-based solutions for complex, global projects. 
• At Fivesky, our employees are our greatest asset, and we strive to build a strong team culture centered on highly competitive compensation, professional development, career advancement, and fun.
• This is an FTE position in Arlington, VA or unanticipated client sites within the US. The compensation package is based on experience and qualifications. The base salary range for this role is $ 173,056 - $180,000 per year. Benefits include: PTO/ paid sick leave, holidays, Health, Dental and Vision insurance, Retirement.
• Fivesky is an equal-opportunity employer. Fivesky prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, sex, age, color, religion, national origin, sexual orientation, disability status, genetic information, protected veteran status (United States positions), or any other characteristic protected by law. 
• Mail Resumes to:Fivesky, LLC, 1 Pennsylvania Plaza, Suite #2222, New York, NY 10119

(FS-RID-0467)