Cloud Security Engineer

Stefanini is looking for a Cloud Security Engineer in Dallas, TX Responsibilities:Acts as the subject matter expert and principal consultant to management development teams and other stakeholders on matters of security (Cloud migration, PaaS and SaaS solutions) to meet compliance with Federal Reserve System's NIST 800-53 implementation (SAFR) Creste processes and automation around DevsecOps in coordination with software development teams. And should have understanding of SonarQuble IQ Server Fortify and other applications security tools. Should be able to provide guidance in remediating security vulnerabilities. Works closely with cross-functional teams as a subject matter expert for security standards and advises contributes to development as needed. Assist IT teams in identifying security requirements in migrating on-prem applications to AWS/Azure cloud environments. Advises information security colleagues and business clients on information security requirements, compliance responsibilities and methods to protect Bank resources and sensitive information.Reviews internal government academic and commercial sources of information to anticipate new security compliance requirements and identify advancements to best practices for protecting resources and information in the cloud. Drafts local policies standards guidelines and procedures to supplement enterprise security frameworks as needed. Prepares reports on compliance. Develop security architecture and/or security view diagrams depicting expected and actual cloud implementations. Identify security gaps that will or have already occurred and work with various stakeholders to provide appropriate risk treatment. Where required, train information. Security staff and if technical staff on matters of cloud security. May assist in designing role-based access controls within cloud environments Develops workflows and process documentation. Identifies potential non-compliance situations and informe department leadership, Collaborate with current infoSec staff to develop risk management documentation to monitor lifecycle progress track acceptance decisions and catalog remediation actions.Experience applying risk management frameworks such as NIST 800-37 or NIST 800-53 is required. Utilizes automated Governance, Risk and Compliance tools to track artifacts of the risk management lifecycle. Analyzes, designs and implements business processes and requirements to ensure compliance with security policies and procedures, in accordance with approved security frameworks as needed.