In support of Humana’s vision to create simple, personalized and reliable experience for our healthcare customers we are embarked on the Technology Modernization journey. One of the key strategic initiatives of the Technology Modernization is transformation of the workloads to the Cloud.
We are looking for a Cloud Engineer who will be responsible for providing general support of defined security and compliance requirements, adoption of security best practices for public cloud(s), and implementation of appropriate remediation fix, mitigate vulnerability findings etc.
Sr. Cloud Engineer will support application security enhancements, applications based on changes in scope or needs defined with security process and information flow. Engineer will have to maintain compliance standards working directly with different stakeholders to align and execute infrastructure or application changes.
As a cloud engineer, you will:
- Analyze the security profile of the application findings and implement mitigations to improve security posture of applications for public cloud(s) based on the defined security policies and governance practices
- Be responsible for establishing application security best practices on Secure API integration, ThreadFix vulnerability mitigation, privileged access management , Secrets Management and Data Encryption at-rest and in-transit
- Initiate and review vulnerability, compliance scans and potential security incidents to implement and validate solution(s) for closure
- Partner with the Enterprise Information Protection (EIP) and Application Security under Quality Assurance to improve existing Security and Compliance posture by leveraging the latest Security Industry trends in the Cloud
- Mentor team members, junior and senior, in state-of-the-art of application security best practices, adoptions and mitigations for public cloud(s)
- Research, design and implement solutions to improve application security profile posture for public cloud(s)
- Bachelor's degree or equivalent experience
- 3+ years of security remediation experience and adoption of security controls & best practices in a public cloud provider (Azure Cloud preferred)
- 3+ years any Cloud application security experience (Azure Cloud preferred) including design and implementation of security architectures for large scale workload migrations to the Cloud.
- 3+ years of experience in Architecting for HIPAA Security and Compliance (Azure Cloud preferred)
- Familiarity with latest trends and technologies in public cloud infrastructure, secure application development, virtual network and cloud security management
- Knowledge of Infrastructure as Code and Immutable Infrastructure principles
- Knowledge of the DevOps culture and principles
- Good oral and written communications skills
- Any Cloud professional/expert or associate level certification (Azure Cloud preferred)
- Ability to translate compliance and security requirements into product requirements.
- Experience in at least in one of the leading enterprise scanning tools (Nessus, Tenable, Qualys, and Nexpose etc.)
- Awareness of cost trade-offs across different security models in cloud, vulnerability management practices, remediation tactics and reporting
- Knowledge of information security issues to include, but not limited to Cloud technology cross domains – server, storage, middleware and network technologies
- Deep knowledge of IAM, data protection, transport, perimeter, gateway, and end-point security models in distributed/hybrid cloud environments
- Programming in scripting languages like PowerShell, Shell, Python, Perl etc.
- AZ-500: Microsoft Azure Security Technologies Certification