Cloud Security Engineer, Sr
Old National Bank · Chicago, IL · 2 days ago
Information Technology$70/hrFull-time
Responsibilities
- Design, implement, and maintain secure landing zones across AWS and Azure, using preventive guardrails to block deployment of security misconfigurations.
- Leverage cloud-native security services such as: AWS: IAM, KMS, Secrets Manager, Service Control Policies, Security Hub, GuardDuty, CloudTrail, Config, WAF, Inspector, etc.; Azure: Azure AD, Defender for Cloud, Key Vault, Security Center, Sentinel, Policies, etc.
- Develop and enforce cloud security baselines, guardrails, and configuration standards.
- Support the creation and refinement of cloud control narratives that assert the security posture of our cloud landing zones.
- Implement deep observability to unify logs and metrics across multiple services to derive both real-time and historical insights.
- Develop, manage, and engage in code review of complex IAM policies that define cross-account access patterns, ensuring adherence to the Principle of Least Privilege.
- Implement Just-in-Time access workflows that avoid long-lived credentials.
- Support emerging use cases for cloud with bespoke IAM identity and policies that maintain security posture and data privacy.
- Utilize enterprise security tools such as Tenable, Qualys, and Snyk to: Identify, prioritize, and remediate vulnerabilities across cloud workloads. Track and report security posture improvements. Integrate automated scanning into CI/CD pipelines.
- Embed security early in the Secure Software Development Lifecycle (SSDLC). Partner with development teams to implement automated security testing. Integrate SAST, SCA, and IaC scanning tools into CI/CD pipelines.
- Write, review, and maintain Terraform configurations for cloud resource deployment. Implement automated security controls and monitoring via IaC. Build and maintain secure-by-default Terraform modules that enforce least privilege, encryption, and compliance requirements.
- Develop and fine-tune cloud security monitoring using native and third-party tools. Assist in cloud-focused incident management/response, log analysis, forensics, and root cause investigations.
- Develop detective, preventive, and proactive controls to identify, prevent, and remediate security misconfigurations and anomalous activity.
- Ensure cloud environments align with frameworks such as NIST, CIS Benchmarks, SOC2, and ISO27001. Perform continuous compliance checks using AWS Config, Azure Policies, Terraform policies (OPA), and scanning tools. Support internal and external cloud security audits.
Qualifications
- 5–7+ years of experience in cloud security engineering or related roles.
- Deep practical knowledge of AWS and Azure security services.
- Proficiency with HashiCorp Terraform.
- Hands-on experience with Tenable, Qualys, Snyk, or similar vulnerability/scanning tools.
- Expertise in observability and incident management.
- A strong understanding of: Identity and access management, network security and zero trust principles, encryption, key management, secrets management, data privacy best practices.
- Experience implementing security practices in GitOps environments.
- Strong communication and documentation abilities.
- A collaborative mindset with a focus on partnering with engineering teams.
- Ability to manage multiple priorities and drive security initiatives independently.