Lead Application Security Cloud Engineer
The Lead Application Cloud Security Engineer will lead, consult and recommend solutions on matters relating to Cloud Application Security within IT Solutions Engineering. This role will be responsible for the definition and design of the cloud security solutions and cloud-based architecture (IaaS/PaaS/SaaS). This is a role focused on automation, process and necessary tools to support Secure SDLC for Humana’s fast-paced application development environment and technology operations. The role requires a grasp of application security principles and practices and a background working in an application development and coding environment within a large enterprise.
- Build a very close working relationship with DevOps, cloud engineering, application development and QA teams.
- Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments
- Maintain documentation related to Application Security including the development of secure coding policies, procedures and standards, modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
- Participate in designing IT and Cloud security strategy, system security controls and secure configuration.
- Creating security policies and standards around Cloud Security, Container Security, Configuration Management, Infrastructure as Code.
- Researching new security technologies and their application to the corporate and cloud environment
- Ensuring all acquired or developed systems are consistent with the solution engineering and security architecture guidelines
- Assess new and existing cloud implementations, identifying security issues, misconfigurations and prioritizing fixes/remediation
- Defining and documenting how the implementation of a new system or interface impacts the security posture of the current environment
- Help define and implement cloud security process, automation and tools to feed DevSecOps processes
- Performing security reviews, identifying gaps in security architecture and design
Bachelor’s Degree in Information Technology, Computer Science or a related field
Six+ years of experience designing, developing, and testing software applications and/or infrastructure
Strong experience with cloud security strategy, cloud provider ecosystems (Amazon AWS, Microsoft Azure, Google Cloud Platform)
Experience in developing secure code and application security standards
Experience conducting application security testing and source-code reviews
Experience with risk-based testing and/or manual assessment
Applied knowledge of healthcare industry
Master’s Degree in Computer Science, Information Technology or a related field
Advanced knowledge of security capabilities and constraints related to deploying cloud native and multi-cloud applications and infrastructure
Experience performing web vulnerability assessments, application penetration testing and using penetration testing methodologies
Experience creating source code per OWASP or other secure coding guidelines
Experience in designing or implementing a security release management strategy for enterprise cloud applications
Experience with cryptographic techniques such as cryptographic algorithms, key management and rotation processes, and secure key storage
Experience with developing enterprise-wide secure code testing strategy
Certifications: AWS Certified Security; CCSP (Certified Cloud Security Professional); CISSP (Certified Information Systems Security Professional); CEH (Certified Ethical Hacker); GSEC; ISTQB (foundation, agile, test manager, test analyst, tech test analyst, etc.)
Experience with SAST and DAST technologies including IBM AppScan, CheckMarx, Secure Assist, NowSecure, Burp Suite