WHAT DOES A CLOUD SECURITY ENGINEER DO?

Published: August 5, 2024 – The Cloud Security Engineer implements security solutions and processes on cloud platforms like AWS, Azure, and GCP, managing policies, alerting, reporting, and integrations while leading incident response efforts. The role involves mapping and automating security controls and requirements in cloud environments, ensuring strong access and identity controls with continuous monitoring and collaboration across IT teams. This engineer also evaluates security vendors and tools, develops improvement processes for security and compliance, and provides strategic direction to influence team members toward desired results.

A Review of Professional Skills and Functions for Cloud Security Engineer

1. Cloud Security Engineer Duties

  • Information Security Program: Manage and oversee the Information Security Program.
  • Security Controls and Cloud Implementations: Analyze security controls and report on cloud implementations.
  • Security Posture and Compromise Areas: Analyze current security posture and investigate potential areas of compromise that would bypass existing controls.
  • Risk Reduction Recommendations: Provide effective recommendations to reduce risk where applicable.
  • Security Point of Contact: Act as the security point of contact for internal and external relationships, with the ability to represent and communicate Security directives.
  • Documenting: Document work performed for all reviews, audits, and assessments.
  • Risk Analysis: Maintain familiarity with performing and presenting quantitative and qualitative risk analysis.
  • Compliance Program: Assist in ensuring all compliance programs (access review, entitlement review, code reviews, and security tests) are being maintained according to their set schedules.
  • Governance Tasks: Establish automation processes for repeatable tasks to reduce the work effort required for governance-related tasks.
  • Security Risks: Effectively communicate and escalate Security-related risks and vulnerabilities based on application or environment.
  • Incident Response Activities: Support Incident Response activities during security events or incidents.
  • Customer Integrity and Confidentiality: Support the commitment to protect customers’ integrity and confidentiality of systems and data.
  • Security Monitoring: Serve as the primary resource for security monitoring, identifying issues, obtaining a response to them, and optimizing the monitoring itself.
  • Monitoring Alerts: Perform activities such as setting baselines for monitoring alerts, reducing 'noise' from excessive monitoring notifications, and creating actionable alerts and reports.

2. Cloud Security Engineer Details

  • Security Automation Development: Writing automation to detect security vulnerabilities, misconfigurations, and gaps
  • Cloud Security Monitoring: Monitoring the cloud environment and collaborating with other teams to fix security issues
  • Continuous Learning: Continuously learn new technologies and practices to keep up with the business and threats
  • Risk Communication: Providing feedback to better inform others of risk, and challenging dogmas
  • Security Mentorship: Mentoring colleagues on security, risk, and compliance
  • Escalation and Mentorship: Ability to act as an escalation point and provide mentorship for peers
  • Security Design and Standards: Develop and maintain detailed security designs, tools, and configuration standards
  • Security Challenge Automation: Build automation to remediate common security challenges
  • Security Engineering Delivery: Security Engineering design and delivery
  • Security Research and Evaluation: Security research and Technology evaluations
  • ISO 27001 Compliance and Incident Investigation: Maintain ISO 27001 Compliance and investigate security incidents
  • SAST/DAST Optimization: Ensure optimal use of SAST/DAST solutions

3. Cloud Security Engineer Accountabilities

  • Technical Resource Support: Acts as a technical resource to other IT staff in the design, implementation, and operationalization of security controls in or related to the cloud platforms.
  • Security Integration: Integrates security into the Continuous Integration/Continuous Delivery (CI/CD) system development lifecycle (SDLC) for application development and deployment.
  • Security Resource: Acts as a security resource for the infrastructure, database architecture, and business application management teams.
  • Technology Collaboration: Works closely with other technology members to ensure that security is properly provisioned in their technology domains.
  • Container Security Automation: Develop and deploy container security automation, cloud security automation.
  • AWS Security Remediation: Develop and deploy AWS remediation rule sets for security.
  • Cloud Compliance: Develop and deploy rule sets for Cloud Config compliance and container security.
  • SIEM Metrics Reporting: Develop and report SIEM performance metrics to leadership using tools such as Kibana, LogRhythm.
  • Risk Assessments: Perform internal and vendor risk assessments on applications, services, tools, and cloud infrastructures across projects.
  • Incident Response Testing: Assist in the testing and development of incident response tabletop and functional exercises.
  • Technical Security Reviews: Perform detailed technical security reviews of new systems or architectures.
  • Security Risk Identification: Identify security risks, threats, and vulnerabilities of networks, systems, applications, and new technology initiatives.
  • Vulnerability Scans: Perform and evaluate regular internal and external vulnerability scans within a multi-platform environment.

4. Cloud Security Engineer Job Description

  • Cross-functional Collaboration: Work within the Operations Team while constantly collaborating with various teams and groups within the company.
  • Team Collaboration: Collaborate with other development teams within the engineering group.
  • SaaS Platform Understanding: Understand the SaaS platform and the current systems in place to monitor and protect the platform.
  • Monitoring Improvement: Improve the effectiveness of monitoring and alerting.
  • Vulnerability Management: Enhance, implement, and maintain vulnerability management programs across all platforms.
  • Data Navigation and Correlation: Navigate between different sources of data and look for a way to correlate them to achieve effective protection.
  • Industry Standards Utilization: Use industry-standard, team-oriented platforms such as Jira, Confluence, GitHub, and ELK.
  • Cross-team Communication: Utilize these systems to achieve effective cross-team communication.
  • Security Reviews Participation: Participate in security reviews covering current operations and new technologies.
  • Process Automation and Innovation: Automate the processes, adopt Machine Learning, and bring “best of breed” products to the company.
  • Accreditation and Compliance Support: Support accreditation and compliance initiatives including SSAE18, PCI, GDPR, etc.
  • Security Infrastructure Integrity: Ensure the integrity of the security infrastructure, network, and systems design in order to evaluate and ensure system and network security.
  • SIEM Tools Introduction: Introduce SIEM tools such as Splunk, ArcSight, and/or SolarWinds.

5. Cloud Security Engineer Role Purpose

  • Implement Security Processes: Implement security processes and solutions in public cloud platforms such as AWS, Azure, and GCP.
  • Cloud Security Management: Own management of the Cloud Security platform and provide configuration of policies, alerting, reporting, and integrations.
  • Incident Response Leadership: Lead incident response efforts for policy violations and/or suspicious activity events.
  • Security Control Mapping: Map existing security controls and requirements and apply them to environments running in the cloud.
  • Automate Security Integration: Automate integration of security into the cloud environment provisioning and DevOps processes.
  • Access and Identity Controls: Implement strong access and identity controls as well as provide continuous monitoring to ensure security remains enforced.
  • Cross-Functional Collaboration: Collaborate with cross-functional Engineering, DevOps, and Architecture Teams across IT.
  • Attacker Techniques Application: Apply an understanding of attacker techniques, tools, and tactics to provide preventive measures based on risk tolerance.
  • Security Platform Effectiveness: Ensure all security platforms are effective (e.g., SIEM, PAM, Detection and Response, etc.).
  • Continuous Improvement Development: Develop continuous improvement processes to periodically review environment usage, scaling, security, and compliance to identify potential optimizations and cost reductions.
  • Security Vendor Evaluation: Assist in evaluations and POCs for security vendors, tools, and services.
  • Strategic Direction and Influence: Provide strategic direction and the ability to influence team members both within and outside of technology teams to achieve desired results.