Job Description

The purpose of the Lead Security Engineer is to provide AWS cloud security expertise and will be responsible for the implementation of system-specific security controls and security overlays necessary to ensure the resilience of the AWS security posture. This role is part of a larger team dedicated to cloud-based management and security. As a Lead Security Engineer, this role is also responsible for the development and execution of highly complex, large-scale cyber security initiatives and requires a professional who is comfortable taking decisions and dealing with a range of problem-solving challenges and can work in a fast-paced environment and has a clear passion for cybersecurity and related technologies.

Quick response

Required Knowledge

• K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
• K0004   Knowledge of cybersecurity and privacy principles.
• K0021   Knowledge of data backup and recovery.
• K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
• K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• K0104   Knowledge of Virtual Private Network (VPN) security.
• K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• K0205   Knowledge of basic system, network, and OS hardening techniques.
• K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Required Skills

• S0007   Skill in applying host/network access controls (e.g., access control list).
• S0059   Skill in using Virtual Private Network (VPN) devices and encryption.
• S0121   Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
• S0124   Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
• S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities

• A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).