Skip to main content

Cloud Security Strategy & Engineering - GCP

  • Job Family: Cybersecurity
  • Type: Full time
  • Date Posted:
  • Req #: JR50632

Location:

  • IN, Indianapolis
  • TX, Austin
  • GA, Atlanta
  • MI, Dearborn
  • VA, Richmond
  • AZ, Phoenix
  • OH, Mason
  • MA, Boston
  • IL, Chicago
  • NC, Winston

Share:

Description

This technical role develops and drives our Cloud Security patterns to support Enterprise Security solutions. This role will work with developers and DevOps engineers to ensure business and IT alignment with Security requirements standards.  This position will also entail mentoring other teams and providing SME-level guidance, clearly communicating technical requirements to the implementation teams, and supporting the efforts to secure healthcare solutions primarily within Google Cloud Platform (GCP), with holistic insight and advisory participation for Amazon Web Services (AWS) security patterns as well.

 Essential duties can include but are not limited to:

  • Provide security focused solution guidance to business and IT partners and participates in broader information security governance activities. 

  • Works with business units to translate business strategy into discrete capabilities and helps to identify security capability gaps in systems.   

  • Provide strategic and tactical security control recommendations, operational security blueprints and roadmaps, reference architectures for security patterns, and general security technology / application assessments.  

  • Collaborates with Enterprise development teams and ensures that the implementation of components (e.g., domain architecture, solution architecture, and technical architecture) aligns with architecture strategies.

  • Participates in the Cloud Governance processes and community of practice.

  • Recommends changes and updates to cloud security governance strategy based on NIST, regulatory and evolving threats drivers.

  • Proposes opportunities to improve security outcomes and reduce risks based on targeted or continuous assessments.

  • Defines, communicates, and drives security controls matrix design and implementation, and monitors compliance to enterprise-level security standards.

  • Designs, analyzes, and implements testing plans to ensure security guardrails cannot be compromised.

  • Establishes strategic vendor relationships for security products and services; develops enterprise-wide security incident response plans and strategies that includes Integration with business, compliance, privacy, and legal constituents and requirements.

Minimum Requirements:

  • BS/BA in Information Technology or related field of study and a minimum of 10 years of experience in systems administration and security aspects of information systems, access management and network security technologies, network communications, computer networking, telecommunications, systems development and management, hardware, software, data, and people; experience with multiple technical and business disciplines required; or any combination of education and experience, which would provide an equivalent background.

Preferred Qualifications:

  • Understanding of legal / regulatory requirements such as PCI-DSS, HIPAA, NIST, FISMA, etc.

  • Experience in automated integration with ticketing and asset management systems.

  • Security Certifications: Specific focus on GCP Professional Cloud Architect, Professional Cloud Network Engineer, and/or Professional Cloud Security Engineer. CISSP preferred as well, along with CCSP and other advanced technical security certifications.

  • 3+ years of experience in Information Security-focused efforts, with demonstrated ability to distill complex security problems and drive toward creative solutions while complying with Enterprise policies.

  • 3+ years of experience in defining solution architecture, design detailing and technology delivery with a focus on Google Cloud Platform (GCP) services, such as: compute, containers, integration, internet of things, storage, web, and DevOps.

  • Experience in GCP in developing solutions using microservices, GCP GKE, GCP Functions, Google Cloud Run, API / Microservices (Code build, Code deploy and govern), pubsub/cloud Messaging, Logic Apps, Cloud end Points/API Gateway, IoT, Cloud Data Lake, GCP Identity services, Cloud Storage etc.

  • Experience in implementing DevOps automation with Terraform and Ansible following Infrastructure as Code (IaC) concept.

  • Strong knowledge on CI/CD processes and tools.

  • Experience deploying, configuring, and automating CI-CD Release pipeline with CI/CD tools such as Jenkins, Bamboo, Git, Maven/Gradle, Sonar, Artifactory, Jira, Checkmarx, RabbitMQ.

  • Common DevOps scripting languages (Python, BASH, Node.JS, etc.).

  • Experience in centralized controls and reporting for Security-focused logging and monitoring, with a focus on Splunk/ SIEM integration.

  • REST, JSON, YAML, SOAP/XML – Web services a plus.

  • Strong understanding of Cloud Security governance, including but not limited to Organization policies, Assured Workloads, and Security Command Center Premium.

  • Experience with the Mitre ATT&CK framework and detection logic driven by threat intelligence.

  • Highly proficient with Palo Alto/ Panorama and general network security expertise, with a focus on both the web content filtering, IDS/IPS, and OFAC Geoblock capabilities that Palo Alto offers for ingress points as well as Istio and mutual TLS authentication with SPIFFE Spire.

  • Experience with VPC Service Controls, and able to identify and configure for use cases related to GKE workloads.

  • Experience with workload identity federation, specifically as required for service accounts, with strong knowledge of service account controls, vaulting, and best practices.

  • Demonstrated ability to communicate clearly with all constituents, serving as a mentor and SME.

  • Experience with automated security validation and event-driven automation.

  • Clear understanding of overall systems architecture and how to leverage specific components.

  • Understanding of Cloud infrastructure environments and the challenges associated with Enterprise integration, with demonstrated ability to grasp and contribute to big-picture strategy.

  • Experience in hands-on roles, with a focus on operational and security-focused tasks.


Please be advised that Elevance Health only accepts resumes from agencies that have a signed agreement with Elevance Health. Accordingly, Elevance Health is not obligated to pay referral fees to any agency that is not a party to an agreement with Elevance Health. Thus, any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Elevance Health.

Be part of an Extraordinary Team

Elevance Health is a health company dedicated to improving lives and communities – and making healthcare simpler. Previously known as Anthem, Inc., we have evolved into a company focused on whole health and updated our name to better reflect the direction the company is heading.

We are looking for leaders at all levels of the organization who are passionate about making an impact on our members and the communities we serve. You will thrive in a complex and collaborative environment where you take action and ownership to solve problems and lead change. Do you want to be part of a larger purpose and an evolving, high-performance culture that empowers you to make an impact?

We offer a range of market-competitive total rewards that include merit increases, paid holidays, Paid Time Off, and incentive bonus programs (unless covered by a collective bargaining agreement), medical, dental, vision, short and long term disability benefits, 401(k) +match, stock purchase plan, life insurance, wellness programs and financial education resources, to name a few.

The health of our associates and communities is a top priority for Elevance Health. We require all new candidates to become vaccinated against COVID-19. If you are not vaccinated, your offer will be rescinded unless you provide – and Elevance Health approves – a valid religious or medical explanation as to why you are not able to get vaccinated that Elevance Health is able to reasonably accommodate. Elevance Health will also follow all relevant federal, state and local laws.

Elevance Health has been named as a Fortune Great Place To Work in 2021, is ranked as one of the 2021 World’s Most Admired Companies among health insurers by Fortune magazine, and a Top 20 Fortune 500 Companies on Diversity and Inclusion. To learn more about our company and apply, please visit us at careers.ElevanceHealth.com. Elevance Health is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. Applicants who require accommodation to participate in the job application process may contact ability@icareerhelp.com for assistance.

Apply Now