Information Security Engineer, Cloud

30 Jun 2024

Vacancy expired!

Job Type: Regular

The RAND Corporation seeks an experienced Information Security Engineer, Cloud with a strong background in both cybersecurity and a cloud-based infrastructure and software services to join the Information Security Architecture and Engineering team. The Architecture and Engineering team applies next generation technologies to combat the efforts of advanced persistent threat (APT) adversaries in their attempts to infiltrate and disrupt RAND's computing services. The candidate will apply their experience to support ongoing operations while identifying and pursuing opportunities to continuously improve the impact and reliability of our cyber deterrence capabilities applying zero trust architecture (ZTA) network principles. They will lead information security governance and implement security solutions with a focus on cloud computing, including infrastructure, platform, and software as a service (IaaS, PaaS, SaaS) solution. The information security team plays an integral role in securing all of RAND's information systems by setting and verifying security and policy requirements. Additionally, RAND's information security professionals have the unique experience of being able to work with RAND's cyber policy researchers in support of their policy analysis on emerging cyber threats on ransomware, autonomous vehicles, health care services, critical infrastructure, and our national security capabilities.

Duties and Responsibilities

The following duties and responsibilities will be expected of the position:
  • Design and manage boundary and interior network controls including network security groups, network access controls, cloud firewalls, virtual networks, and gateways,
  • Define security best practices for RAND's infrastructure, platform, and software as a service solution
  • Collaborate with the information assurance management to audit the security practices of or cloud service providers to make recommendations on security configurations and the appropriateness of use of these services for processing RAND information,
  • Contribute to the development and maturation of the cybersecurity strategy and roadmap,
  • Develop automated orchestration routines to ensure ongoing protection of cloud services,
  • Identify, select, and deploy emerging cloud and hybrid cloud security services across RAND's cloud services,
  • Diagnose and troubleshoot cyber-related network and system performance deficiencies,
  • Apply engineering principles to the management of RAND's cyber infrastructure services,
  • Self-motivated and fully responsible for leading technology deliverables, analyzing gaps and driving improvements to RAND's cyber-deterrence capabilities,
  • Provide input to security policies and standards in accordance with changes in regulations, best practices, industry trends or controls required by RAND contracts and grants.

Position Qualifications

Preferred Skills
  • Network, data flow, process, and sequence diagrams
  • Cloud orchestration technologies including such as AWS CloudFormations, Azure Kubernetes, and Durable Orchestration
  • Cloud security implementations including identity management, API logging,
  • Hybrid cloud security platforms such as Armor Anywhere and Cloudvisory
  • Identity and access management, authentication, repudiation, MFA, use of tokens and smartcard technology
  • Prior experience with firewall systems, architectures, design, and configuration as well as IPS, proxies, Web Access Firewalls, and related systems
  • Network concepts such as DNS, TCP/UDP, MPLS, SD-WAN, TLS, OSI layers, 802.1x
  • Network diagnostics including tracing, packet capture and analysis
  • Encryption standards, key management, and PKI implementations
  • Requirements' definition, gap analysis and technology assessment and selection

Minimum Experience, Other Success Criteria
  • A minimum of 5 years experience in engineering and cyber deterrence with 3 years' experience in cloud security
  • Experience designing, implementing, and maintaining cybersecurity configurations in network, boundary appliances or application services
  • Knowledge of cybersecurity regulations and standards including NIST, PCI, or ISO 27001 security controls in complex enterprise environments
  • Understanding of capabilities central to securing enterprise networks including end point protection, detection and response services, network intrusion detection and prevention systems, behavior-based malware detection, and memory forensics

Stand-out qualifications that would put you ahead of other candidates
  • Experience with software-defined networks, zero trust networks and cloud security
  • Experience designing the security framework for a multi-account/multi-tenant cloud environment in AWS, Azure or GCP to ensure best practices are applied across all deployed services
  • Implementation of Automation and orchestration for the continuous integration and delivery of cyber services
  • Cyber forensic investigations and diagnosing indicators of compromise
  • Industry engagement such as ND-ISAC, DIB, RSA, Blackhat and others
EDUCATION AND CERTIFICATIONS

A Bachelor's Degree in Computer Science or equivalent field of study

Additional consideration given for one or more IT and Cyber Security certifications such as AWS Certified Security, Azure Security Engineer Associate, CSK, CCSP, CISSP, CISA, GCSA, and Security+

ADDITIONAL REQUIREMENTS

The selected individual must have the ability to obtain and maintain at least a DoD Secret clearance and/or DHS Fitness designation.

This position may have the feature of offering a 100% remote work arrangement.

RAND

Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet