SEC SYS & NETWRK ENG

Herndon, VA, US

CLOUD SECURITY ENGINEER

Role Specific Responsibilities

  • Strong working knowledge of cloud offerings and solutions on GCP
  • Implement security controls and monitoring requirements in cloud platforms
  • Implement encryption, IAM, logging, input validation, secure storage design and data transfer.
  • Track security violations and identify trends or exposures that could be addressed by use of application tools to enhance security and technical measures.
  • Conduct security assessments to identify areas of risk and ensure any gaps are remediated
  • Perform Cloud Engineering and ongoing support activities including workload migration to the cloud.
  • Provide ongoing service support and run time system administration
  • Strong understanding of the ELK Stack
  • Manage NGINX Reverse Proxy
  • Defining data protection and governance standards.
  • Automate the provisioning of secure landing zones and virtual compute resources
  • Actively collaborate with Cloud Architects to successfully implement Google Cloud Platform architecture designs using IAC tools (mainly Terraform, GCloud, deployment manager)

Skills and Requirements

  • 5+ years’ experience as a Cloud security experience (GCP preferable)
  • GCP Certified professional
  • Bachelor’s degree in computer science, engineering or related field is a plus.
  • Detailed understanding and real-world experience with security frameworks with their implementation and assessments.
  • Proactive desire to drive best practices for implementing, administering, and evolving effective information security and program at enterprise level
  • Understanding of information risk management frameworks, regulations, data protection guidelines and standards.
  • Identifies and diagnose area of maintenance and process improvement
  • The GCP Security Engineer will use GCP services along with third-party and open-source software to develop the company’s Analytics COE’s Cloud Environments to support development and productionalization of analytics solutions.
  • A detailed understanding of core network Protocols and services (TCP/IP, HTTP/HTTPS, SFTP, DNS, SSL, Load balancers)
  • Experience with IAM (Identity and Access Management) concepts and technologies to secure production and corporate access, such as
    • SSO, SAML, MFA, 2FA
    • Writing IAM Policies
    • Federated identity, RBAC, authentication and Authorization
  • Design and Build security for GCP infrastructure including but not limited to compute instances,
  • VPC networks,
  • VPC firewall rules,
  • Data buckets/Google cloud Storage
  • VPN configuration
  • Databases and data clusters
  • Cloud DNS
  • Managing VMs
  • Google App Engine
  • Hands on experience with cloud container technologies i.e Kubernetes (GKE) and docker
  • Networking VPC/firewalls
  • Logging and monitoring
  • Hands on experience with cloud automation scripting such as Terraform, Ansible, Jenkins, chef, Puppet
  • A strong proven experience with Linux
  • Microservices,
  • Active directory, Windows OS
  • KMS
  • PostgreSQL Database
  • Cloud SQL and database services
  • Modern Scripting Languages (python, Java, Golang, shell scripting, YAML, etc.)
  • Excellent communication skills, both written and verbal.

Beacon's competitive advantage is our people and our value proposition is the differentiator. 

-— Christopher Harrison
Executive Vice President and Chief Human Resources Officer 


Nearest Major Market: Washington DC