Vacancy expired!
DescriptionThe Director of Cloud Security Engineering will be a dynamic, results-driven individual with hands-on experience delivering large complex programs that protect and enable business, and that addresses the risks presented by an evolving threat landscape and regulatory expectation. The role requires solid analytical, technical and communication skills. Manages a team of security engineers and subject matter experts to deliver strategy and supports the secure and efficient migration of enterprise services to the cloud.Works closely with all areas of Enterprise Information Protection (EIP)’s, business units, and strategic partners and vendors to ensure security initiatives are in line with all other key initiatives that may have interdependencies. Provide strategic guidance, oversight and leadership to security engineering & design.ResponsibilitiesPrimary Accountabilities Technical and Team Leadership
Lead a team of Cloud Security Engineering focused on building cloud security projects and automation supporting existing workloads and future workloads migrating to cloud.
Collaborate with cloud architects, strategy, and innovation leads to ensure delivered large complex cloud solutions.
Assist stakeholders in identifying and evaluating processes, technical, and operational security risks, threats, weaknesses, and vulnerabilities associate with all cloud.
Develop security tools and automate existing workflows to improve cloud security.
Act as a subject matter expert on the implementation and capabilities of existing security controls.
Monitor on-going cloud cyber-security controls to ensure they are performed timely, accurately and effectively.
Develop metrics / measurements, and prove the effectiveness of cloud related controls.
Provides direction and thought leadership to enterprise-wide cloud initiatives applying security principles such as defense in depth, identity & access control, encryption, automation, orchestration, drift detection etc. covering all the phases of cyber kill-chain and NIST domains.
Acts as a resource for direction, mentoring, training and guidance for less experienced staff in the department and looked upon as a Cloud Security expert by partners within and outside security organization.
Responsible for staff development, mentoring & retention plans.
Ensure staff contingency plan
Establishing an overseeing team operating budget
Attracting the right talent and make Humana EIP a preferred choice as an employer for cyber professionals
Excellent communication skills, self-starter and able multi-task in a high pressure environment
Cloud Security Engineering
Experience in security automation and tool development to secure the cloud.
Develops security engineering strategies that align to enterprise engineering strategy and the company's business strategy for Cloud
Develops in depth security engineering standards, frameworks and design patterns spanning all layers of security in the Cloud from host, server, mobile, and network to application and data security.
Develop designs, prioritizes, coordinates, and communicates the security technologies necessary to ensure a highly secure yet usable computing environment in the cloud.
Provides security guidance across the system development life cycle, including security architectural reviews.
Contributes to the development and implementation of security technology solutions for complicated and more complex environments and engineering.
Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risks, and recommends technologies and solutions to mitigate them.
Stays current with leading and emerging security technologies and makes recommendations for use based on business value.
Works closely with other technology engineering leaders and teams to ensure security is properly represented in their technology domains and to ensure consistency and compatibility among EIP strategies and standards.
Actively communicates with stakeholders to drive awareness and understanding of security engineering roadmaps and directions.
Required Qualifications
Bachelor's degree in an IT-related field required; post-graduate degree is a bonus, but not required
Extensive knowledge of cloud automation and CI/CD pipelines.
Extensive knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
Extensive knowledge and experience with developing Cloud Security Frameworks using industry best practices such as those from the Cloud Security Alliance (CSA) and NIST CSF and regulatory requirements such as HIPAA, HITrust and PCI.
Experience with implementing security tools and Engineering in Cloud environments, including:
Access Controls
Data Loss Prevention (DLP)
Web Application Firewalls (WAF)
Secure SDLC and Software Security
Nextgen Firewalls
Anti-malware and anomaly detection controls
Data encryption in transit and at rest
Network security
Monitoring
Cloud drift management
Application security knowledge
Containers & micro-services security
Serverless security
Cloud Engineering and/or Cloud Security Certifications (AWS, Azure, GCP) – preferred but not an absolute requirement
Cloud Security Alliance (CCSP, CCSK) (ISC)2
Knowledge of the Mitre ATT&CK framework and NIST Cyber Security FrameworkFamiliarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.)Experience with incident response procedures
Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms.
Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams.
Solid knowledge and understanding of security regulations and best practices such as PCI, SOX, HIPAA, or the ISO 27000 family of standards.
Solid knowledge and understanding of systems development life cycle (SDLC).
Demonstrated experience translating business requirements into architectural deliverables and technical specifications.
Demonstrated experience communicating technical information to business clients and less experienced technologists.
CISSP, CISM or equivalent preferred
Preferred location is our D.C. office (Rosslyn, VA), but other WAH options will be consideredScheduled Weekly Hours40About UsMission: At Humana, our cultural foundation is aligned to helping members achieve their best health by delivering personalized, simplified, whole-person healthcare experiences. Recognizing healthcare needs continue to evolve for each person, for each family and for each community, Humana continuously creates innovative solutions and resources that help people live their healthiest lives on their terms –when and where they need it. Our employees are at the heart of making this happen and that’s why we are dedicated to building an organization of dynamic talent whose experience and passion center on putting the customer first. Equal Opportunity EmployerIt is our policy to recruit, hire, train, and promote people without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, or veteran status, except where age, sex, or physical status is a bona fide occupational qualification. View the EEO is the Law poster.If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact mailboxtasrecruit@humana.com for assistance.Humana Safety and SecurityHumana will never ask, nor require a candidate provide money for work equipment and network access during the application process. If you become aware of any instances where you as a candidate are asked to provide information and do not believe it is a legitimate request from Humana or affiliate, please contact mailboxtasrecruit@humana.com to validate the request.
Vacancy expired!