UNAVAILABLE

Job Description

Position Summary

The Cloud Security Engineer will primarily work with members of the TSG Infrastructure, applications, & collaboration teams engineering & architecture resources to design, implement, & remediate cloud information security controls based off the defined cloud security standard. Primary focus will be on automation cloud security controls. The Cloud Security Engineer will also work with internal teams that are deploying infrastructure for development & production hosted software. The teams include AAG, ADAPT, & NGSS. These teams include highly skilled developers working in a fast-paced project-based structure.

Company Overview

Bain & Company is the management consulting firm that the world’s business leaders come to when they want results. Bain advises clients on strategy, operations, information technology, organization, private equity, digital transformation and strategy, and mergers and acquisition, developing practical insights that clients act on and transferring skills that make change stick. The firm aligns its incentives with clients by linking its fees to their results. Bain clients have outperformed the stock market 4 to 1. Founded in 1973, Bain has 58 offices in 37 countries, and its deep expertise and client roster cross every industry and economic sector.

Department Overview

Bain’s Information Security team is a global team of cybersecurity professionals who are working to protect Bain’s and our client’s critical information assets. Our mission is to assess risks to critical areas and any cyber threats to provide continuous guidance and improved information security standards to all facets of Bain’s business services and consulting operations. Our utmost priority is to ensure the confidentiality, integrity and availability (C-I-A Principles) of our work for our clients.

Essential Functions

Cloud Controls Implementation Automation

• Work with TSG, ADAPT, AAG, & other groups to develop and/or deploy new & improved methods of automation for implementation of cloud security controls by leveraging custom scripted processes (Powershell or Python) or purpose build automation platforms (Ansible, Terraform, Jenkins, TravisCI, etc.)

Cloud Security Architecture Review

• Act as a security subject matter expert when reviewing design and implementation approaches with internal infrastructure & development teams
• Conduct risk assessments & threat modeling for cloud environment deployments based on Bain’s internal policies & standards
• Assist application security peers in review of new infrastructure requirements for applications & systems developed by Bain’s development teams

Cloud Vulnerability Review & Advisory

• Assist Cyber Security Operations (TSG), Infrastructure (TSG), & Development (ADAPT, AAG, NGSS, & TSG) team members with review and remediation of vulnerabilities associated with cloud environments by providing expertise in security vulnerabilities & exploitation of those vulnerabilities

Cloud Control Implementation

• Partner with infrastructure (TSG) & development (ADAPT, AAG, NGSS, & TSG) teams to implement cloud security controls using built-in capabilities from cloud vendors (AWS, Azure, or GCP) or purpose-built cloud agnostic tools (Netskope or Rapid7)

Cloud Control Standards Improvement

• Perform continues upkeep of cloud security standards by providing regular updates based on changes to industry best-practice frameworks (ISO, NIST, etc)
• Review & advise on security best practice & control requirements for new cloud technology

Qualifications

Education

Required

Bachelor’s degree, or relevant work experience, and an Information Security certification in some of the following (i.e. CISSP CCSP, OSCP, CCSK, PCSM, CCSS, GSEC, GCED, GCWN, GCUX, GMON, & GCSA)

Preferred

Additional Information Security certifications focused on cloud security (same as above)

Experience

Required

• 5-8+ years of experience
• 1-3 years security engineering or 3-5 years cloud engineering with some security experience

Preferred

• 3+ years focused on security engineering for cloud infrastructure (IaaS & PaaS)

Knowledge, Skills, and Abilities

Required

• Experience with secure deployment of enterprise scale infrastructure in either: Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure
• Experience with automating tasks via scripting or provisioning services, including: PowerShell, Python, Bash, VB, Ansible, Puppet, Chef, or equivalent
• Experience with common cloud security controls frameworks: NIST CSF, CSA CCM
• Experience deploying systems or applications leveraging a security hardening benchmark guide. (i.e. CIS benchmark or AWS Best Practice guide)
• Ability to work independently and with teams on complex problems
• Complex problem solving
• Ability to work in a fast paced, dynamic environment.
• Attention to detail and priority/time management.
• Strong customer service, analytic, communication (oral and written) and troubleshooting/problem solving skills.
• High performance and standards as demonstrated by academic or previous job experience.

Preferred

• Experience with secure deployment of enterprise scale infrastructure within two or more cloud infrastructure platforms: Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure
• Experience with automated provisioning solutions, specifically Ansible
• Experience with automating tasks via scripting, specifically Python or PowerShell
• Experience writing Infrastructure-as-Code (IaC), specifically Terraform
• Experience with source code management & version control using Git & a code repository
• Experience with integrating security controls into a CI/CD pipeline
• Experience with common cloud security control frameworks, for example NIST CSF or CSA CCM
• Experience implementing security monitoring solutions and providing support to security operations teams