AWS Cloud Security Specialist

On-Site Interview: Senior AWS Cloud Security Specialist _ Washington, DC

Visa status: US Citizen Only

Interview Type: Selected candidates will participate in a phone screening. Those that pass the phone screening may be invited to an in-person interview. The use of video conference tools (e.g., MS Teams or Webex) can be used in accordance with agency guidelines.

Primary Place of Performance: On-site at FRB locations, Washington, DC

BACKGROUND: We are seeking a Senior Cloud Security Specialist to support the Security Engineering team within the IT division at the Board of Governors of the Federal Reserve. This team is responsible for the strategy, design, deployment, and maintenance of effective security solutions in cloud, local, and hybrid environments

Duties/Responsibilities: The candidate shall possess the knowledge and skills set forth in the Technical Services BOA, Section 3.5.4.2 for labour category Senior Cloud Security Specialist.

The candidate shall also demonstrate the knowledge and experience below:

Required Experience:

• Minimum 5 years hands-on AWS security experience

Personnel Qualifications

• AWS Certified Security - Specialty (strongly preferred)
• AWS Certified Solutions Architect - Professional or Associate
• Demonstrated experience implementing secure, scalable AWS cloud architectures following industry best security practices and security frameworks.
• Demonstrated federal experience and comprehensive knowledge in adopting and implementing federal cybersecurity requirements, including but not limited to the NIST Cybersecurity Framework, OMB Memorandum M-22-09, NIST SP 800-53
• Possess deep analytical, problem-solving, and troubleshooting experience, to independently resolve complex security challenges.
• Proven ability to provide technical security consultation and advisory services with a proactive approach to identifying potential issues, raising questions, and engaging in open dialogue with team members and stakeholders to ensure security objectives are met.
• Strong understanding of security concepts and technologies related to Identity and Access Management (IAM), security engineering, network security design, security operations, security architecture, general engineering processes, cloud security, data loss protection, zero trust, DevSecOps and vulnerability management.
• Technical skills in AWS cloud security, security engineering, DevSecOps, scripting, and Infrastructure-as-code (IaC)
• Self-motivated and able to work independently
• Strong attention to detail

The Consultant shall deliver, but not limited to, the following:

• Conduct regular security reviews of cloud infrastructure deployed by engineering teams
• Evaluate infrastructure-as-code against security standards
• Review and validate compliance with security policies and best practices
• Assess adherence to AWS Well-Architected Framework security pillar
• Identify and document security misconfigurations and non-compliant controls
• Develop and maintain security posture dashboards
• Create or update security configuration guides and playbooks
• Offer technical consultation to engineering teams on secure implementation
• Implement AWS security controls and services to ensure proper security hardening and other security engineering tasks.
• Develop and update AWS security configuration standards
• Conduct security training sessions for engineering teams
• Present findings and recommendations in team meetings
• Identify opportunities to automate security assessments
• Recommend security tooling improvements

Personnel Qualifications

• Bachelor’s degree in information security, Computer Science, Management of Information Systems, or related field required
• Minimum of 6 years' experience in cybersecurity, including cloud security, compliance, and risk management with a background in system and network security engineering.
• Minimum of 6 years’ experience on any Cloud Platform (AWS, Azure, Google, others).
• At least one of the following certifications preferred: CompTIA Security , Certificate of Cloud Security Knowledge (CCSK),
• Professional Cloud Architect, Professional Cloud Security Engineer, Certified Cloud Security Professional (CCSP) etc.

Capabilities

• Intermediate level qualifications and capabilities per Section3.5.4.1.
• Serves as a cloud security expert, integrating sound practices from Identity and Access management, monitoring, platform standards, network segmentation and interconnection, encryption, and more into the cloud platforms.

Work with Enterprise Architects, other functional area architects, and security specialists to ensure adequate security solutions are in-place throughout cloud IT systems and platforms