Entry level Associate Security Engineer at Navy Federal securing technical infrastructure and workloads with operational capabilities and threat monitoring practices.
Responsibilities
- Lead the Cloud App Security team technically, acting as a reference for secure architecture, standardization and best practices.
- Design, review and approve cloud architectures with a focus on security, high availability, resilience and cost, following the principles of the Well-Architected Framework.
- Define the security strategy across multiple accounts/subscriptions (landing zone, organizations, security baseline, governance and compliance).
- Design and implement secure networks (VPC/VNet, subnetting, TGW/peering/VPN/PrivateLink), segregate environments, configure and test contingency (multi-AZ/region).
- Collaborate with Engineering, Platform and Application teams to integrate security into the lifecycle (shift-left, SAST/DAST/IAST/SCAs, secrets management).
- Automate security as code: OPA/Conftest, preventive rules in CI/CD, pre-commit hooks, pipelines with quality & security gates.
- Apply scripts and Lambdas/Functions/Cloud Functions for automatic remediation (e.g., close public S3, revoke old keys, isolate a suspicious instance).
- Protect containers/Kubernetes (EKS/AKS/GKE): policies, admission controllers, signed images, secrets, network policies, CIS Benchmarks.
- Run vulnerability scans and perform remediations (EC2/VM, container, serverless), prioritizing by risk level.
- Document and version standards, runbooks and reference architectures; train and pair with the team during deliveries.
Requirements
- +Experience:
- Practical experience (5–8+ years) in Cloud Security, with hands-on deliveries: building Landing Zones, writing IaC, configuring native controls, automating remediation and operating incident response (IR).
- +Technical expertise (AWS – preferred):
- Organizations/Control Tower, IAM/SCPs, KMS, CloudTrail/Config, GuardDuty, Security Hub, Inspector, WAF, Macie, Detective, S3, VPC/TGW/PrivateLink, EKS.
- +Automation and Integration:
- Programming with Python, Bash and PowerShell.
- Use of provider APIs/SDKs for integration and automated response.
- +Networks and Cryptography (practical):
- VPC/VNet, routing, NAT, peering/TGW/VPN, TLS, KMS/HSM, key rotation and key management.
- +Kubernetes Security (EKS/AKS/GKE):
- RBAC, PSP/OPA Gatekeeper/Kyverno, supply chain security (SBOM/signing), registries (ECR/ACR/GAR).
- +Vulnerability Management and Observability:
- Experience in hardening (hosts/containers/serverless) and tools such as:
- CloudWatch/Logs Insights, Athena/Glue,
- Kusto/Sentinel, Chronicle.
- +Compliance and Frameworks:
- Practical application of frameworks:
- CIS (Foundations/Benchmarks),
- NIST CSF / 800-53,
- ISO 27001,
- SOC 2,
- LGPD — including producing evidence and closing gaps.
- +Communication and Professional Demeanor:
- Objective communication (technical and executive).
- Ownership to get things done — from PoC to a production runbook.
- Technical English for reading documentation and interacting with vendors/providers.
- +Desirable / Nice-to-have:
- AWS SA Professional, CISSP / CCSP,
- Azure Security Engineer / Architect,
- GCP Professional Cloud Security Engineer.
- +Advanced Tools and Technologies:
- Experience with CNAPP, CSPM, CIEM, SOAR,
- Secret management (HashiCorp Vault / AWS Secrets Manager),
- SAST / DAST / IAST / SCAs,
- XDR / EDR.
- +IaC and CI/CD with a security focus:
- Terraform (required); bonus: CloudFormation, CDK, Bicep, Deployment Manager.
- CI/CD with security gates: GitHub Actions, GitLab, CodePipeline, Azure DevOps.
- +Incident Response:
- Track record of responding to real cloud incidents and automating remediation at scale.
- +Education:
- Bachelor's degree in Information Security, Computer Science, Systems Analysis, Information Systems or related fields.
- +Certifications:
- AWS certifications: CCP, SAA and Security Specialty.
Benefits
- 🏢 On-site or Remote
- ⏰ Flexible hours
- 📚 Educational incentives (partnerships with educational institutions)
- 🌴 Paid vacation
- 🏋️ TotalPass
- 🎂 Birthday off
- 🏥 Health insurance
- 🦷 Dental insurance
- 🤰 Maternity leave
- 👨👩👧👦 Paternity leave
- 🌟 Reimbursement for AWS certifications
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Machine Learning Researcher focusing on innovative AI and intelligent automation for cybersecurity. Driving research in Agentic AI and collaborating with cross - functional teams for production - grade features.
EHS - Management expert overseeing environmental, health, and safety compliance at ZF. Collaborating with teams to foster a safe work culture and manage regulatory compliance.
Senior Technical Lead architecting and securing multi - cloud environments for Celestica. Leading cloud security projects focusing on Google Cloud, Azure, and Google Workspace.
Senior Manager of Information Security at Celestica overseeing cybersecurity policies and practices. Requires extensive experience in threat hunting, control validation, and security architecture reviews.
Cybersecurity Lead - Product Security at Celestica securing network hardware and operating systems. Lead the 'Secure by Design' principles and operationalize standardized SDLC within product engineering teams.
Senior Technical Lead responsible for architecting and implementing global network security solutions. Collaborating with internal and external teams to meet cybersecurity requirements for Celestica.
Cloud Security Engineer focusing on cloud technologies and security practices to innovate and drive projects for IA Talent. Collaborate with a team to implement cutting - edge cloud solutions.
Senior Security Threat Assessment and Management Specialist at Boeing overseeing threat management and security operations. Collaborating with various departments to ensure safety protocols and incident management.
Boeing Cybersecurity is seeking an ISSO to manage information system security across classified domains. Responsibilities include leading risk assessments, A&A processes, and compliance monitoring.