The Technology Services Department develops and supports a wide range of IT solutions in support of the Agency’s mission. Under the supervision of the TEC Cyber Security Manager, the Cloud Security Engineer will be responsible and accountable to securely build and scale cloud-native applications and configure network security defenses within the cloud environment. These individuals are proficient in identity and access management (IAM, PAM), using cloud technology to provide data protection, container security, networking, system administration and zero-trust architecture.
- Develops and maintains a cloud security architecture process that enables the enterprise to develop and implement cloud security solutions and capabilities that are clearly aligned with business, technology, and threat drivers
- Develops cloud security strategy plans and roadmaps based on sound enterprise architecture practices
- Develops and maintains cloud security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage cloud security capabilities in projects and operations
- Determines baseline cloud security configuration standards
- Validates the security of the cloud environment using specialized tools (i.e. Redseal)
- Drafts cloud security procedures and standards to be reviewed and approved by executive management
- Develops standards and practices for cloud data encryption and tokenization in the organization, based on the organization's data classification criteria
- Establishes a taxonomy of indicators of compromise (IOCs) and shares with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC)
- Validates IT infrastructure and other reference architectures for cloud security best practices and makes changes to enhance security and reduce risks, where applicable
- Validates cloud security configurations and access to cloud security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems
- Conducts or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
- Supports the testing and validation of cloud internal security controls as per audits
- Reviews cloud security technologies, tools, and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics
- Liaises with the TEC team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
- Software as a service (SaaS) provider
- Cloud/infrastructure as a service (IaaS) provider
- Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for cloud security-related deficiencies
- Coordinates with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems
- Participates in application and infrastructure projects to provide cloud security-planning advice
- Meets with clients to identify goals and requirements for specific cloud-based application
- Meets with TEC team to understand current security posture goals and requirements
- Looks for opportunities to enforce security policies and procedures
- Looks for opportunities to bring non managed infrastructure into compliance
- Integrating our on-premises endpoints (end users and servers) to a consolidated security environment in the Agency’s Azure environment for compliance, monitoring and threat assessment
- Develop an operational framework to ensure cloud-based resources are closely monitored and ‘patched’ to mitigate security vulnerabilities
Candidates must present the following qualifications to be considered eligible for this position:
- Minimum 2 years experience with one or more major cloud service provider (AWS, Google Cloud, or Microsoft Azure)
- Deep understanding of cloud service architecture and -security concepts
- Extensive experience building security solutions, ideally for cloud services
Ideal candidates will present the following profile:
- Ability to define and implement automated metrics to measure service and program effectiveness and consistency
- Experience working with cloud security and governance tools and server virtualization technologies such as Kubernetes/Docker
- Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
- Ability to communicate ideas and proposals concisely, both verbally and written to executives
- Experience with software vulnerabilities, how CVEs are reported, and how they relate to specific system packages and remediations
- Proven programming skills (Python, Go, Azure CLI, PowerShell, Azure ARM Templates)
- Hands-on security experience, with in-depth knowledge of security, scaling in the cloud, and software engineering practices
- A solid understanding of information security standards & methodologies
- Ability to distill sophisticated security problems and drive toward creative solutions
- Strong organizational and relationship skills
- Cloud Security and Architecture related certifications (Google Cloud Platform Professional Cloud Architect/Developer, Amazon AWS Certified Solutions Architect – Professional, Amazon AWS Certified DevOps Engineer - Professional)
- Familiarity with PCI, SOC2, SOX, and ISO standards
- Agile/SCRUM experience
- Web server/client architecture and implementation experience
- Experience with PAM tools such as CyberArk
- Experience with modeling tools such as RedSeal
- A Bachelor’s degree or equivalent of four years’ experience in a technical discipline specific to Azure cloud administration
- 4 years of hands-on experience with Azure Commercial Cloud Platform on IaaS, PaaS & SaaS in provision, configuration monitoring, troubleshooting and remediation areas. Azure Government experience is preferred.
- Hands on experience with creation, configuration, and monitoring security components of Azure IaaS/PaaS/SaaS cloud resources
- Azure Administrator Associate (Exam AZ-103) Certification.
- Azure Integration and Security (Exam AZ – 101) Certification
- Azure Microsoft Azure Security Technologies (Exam AZ-500) Certification
Compensation & Benefits
The Port Authority of New York and New Jersey offers a competitive salary, an outstanding benefits package and a professional environment that supports development and recognizes achievement.
How To Apply
Interested candidates should apply to this job by clicking on the Apply Now button and submitting a combined cover letter and resume. The Port Authority of NY & NJ welcomes veteran and military spouse applications.
Only applicants under consideration will be contacted.
About The Port Authority
Founded in 1921, the Port Authority of New York and New Jersey builds, operates, and maintains many of the most important transportation and trade infrastructure assets in the country. The agency's network of aviation, ground, rail, and seaport facilities is among the busiest in the country, supports more than 550,000 regional jobs, and generates more than $23 billion in annual wages and $80 billion in annual economic activity. The Port Authority also owns and manages the 16-acre World Trade Center site, where the 1,776-foot-tall One World Trade Center is now the tallest skyscraper in the Western Hemisphere.
EQUAL OPPORTUNITY EMPLOYER
The Port Authority of New York & New Jersey/Port Authority Trans-Hudson (PATH) is an Equal Opportunity Employer.