Senior Cloud Security Engineer
Humana · Miami, FL · 1 wk ago
RemoteRemoteInformation Technology$107k–$147k/yrFull-time
About the role
Join our team as a Senior Cloud Network Security Engineer! We are looking for an experienced professional with expertise in managing GCP Next-Generation Firewalls (NGFW), Azure Network Security Groups (NSGs), and the Prisma Cloud security suite. This role focuses on securing multi-cloud environments by automating security policies using Infrastructure as Code (IaC) with Terraform, while leveraging Prisma Cloud tools to ensure comprehensive workload protection and compliance.
Responsibilities
- Deploy and provide operational support for hierarchical NGFW policies in GCP using security tags, and automate configurations using Terraform and DevOps principles.
- Manage and troubleshoot Azure Network Security Groups (NSGs) at scale, using Terraform to automate deployment, updates, and scaling of security rules across multiple environments, ensuring continuous network protection and performance.
- Ensure all infrastructure changes are deployed through CI/CD pipelines using Terraform modules, following best practices for DevSecOps.
- Develop and implement security policies, standards, and procedures for cloud-based applications and infrastructure employing Prisma Cloud's comprehensive security solutions, including Workload Protection (Compute), Cloud Security Posture Management (CSPM), and Code Security modules.
- Integrate robust code security measures and scanning capabilities into CI/CD pipelines and other cloud workflows using IaC.
- Implement and manage enterprise security policies using Prisma CSPM's advanced capabilities, including preventive guardrails and automated remediations, to ensure proactive measures are in place.
- Leverage IaC and CI/CD to seamlessly deploy, patch, and upgrade Prisma Cloud and cloud-based security systems.
- Configure vulnerability items, misconfigurations, and other alerts in Prisma Cloud, actively assisting stakeholders with timely remediation efforts.
- Assist the SOC and Cyber Defense & Response Team during security incidents, involving timely configuration changes to Prisma and frequent participation on major incident bridges.
- Manage user access in Prisma portal based on least privilege roles, and provide operations training and support, as needed.
- Participate in a 24/7 on-call rotation to ensure rapid incident response, maintaining operational integrity and minimizing downtime across enterprise systems.
Requirements
- Bachelor's Degree in Computer Science, Information Technology, Cybersecurity or related field.
- 7+ years of experience supporting and implementing multi-cloud security solutions with a focus on GCP and Azure, including configuration, deployment, troubleshooting, and ongoing maintenance.
- 3+ years of direct, hands-on experience with GCP network access control and Azure NSGs, leveraging IaC automation (Terraform) for efficient and secure cloud operations.
- Strong ability to manage and troubleshoot Azure NSGs, leveraging Terraform for automation and scaling.
- Experience implementing security policies via IaC using Terraform and managing deployments through Azure DevOps (ADO) and GitHub Actions.
- Expertise in DevSecOps and shift-left principles, actively ensuring security risks and misconfigurations are addressed early in the development process.
- Ability to work in a 24x7 on-call rotation, triage incidents, and participate in incident bridges with senior leadership teams (SLT).
- Proven experience in incident response and security operations, including assisting the SOC during critical events.
- Capable of providing training and guidance to team members on cloud security best practices.
Preferred Qualifications
- Certification in Prisma Certified Cloud Security Engineer (PCCSE) and/or Palo Alto Networks Systems Engineer—Prisma Cloud Associate desired.
- Advanced experience with Terraform and managing large-scale IaC automation through CI/CD pipelines.
- Experience implementing and managing Policy as Code (PaC) in cloud environments, including Azure Policy, GCP Organizational Policy, or HashiCorp Sentinel.
- Familiarity with Agile methodology, including Scrum and Kanban frameworks.
- Proficiency with scripting languages such as PowerShell, Python, YAML, and Bash.
- Experience troubleshooting Linux environments using tools like cURL, tcpdump, netstat, etc.