Senior Network and Cloud Security Analyst
Walker & Dunlop

Job Info

---

Department:
Information Technology

Ready to bring your whole self to work every day? At Walker & Dunlop, we didn't get to where we are by hiring ordinary individuals. We got here by hiring the exceptional! WD is looking for individuals who are caring, collaborative, driven, insightful, and tenacious to join our team!

Position Summary:

This position serves as a leader in Information Security. Primarily responsible for designing and implementing a security architecture and processes for the company's network and cloud environment, including Azure, GCP, AWS, and cloud applications. Works with other departments to define secure baseline standards for the network, cloud environment, automation, making practical recommendations to reduce risks, and then help realize the change, as well as prevention and remediation of security vulnerabilities using existing or new solutions. Provides leadership and helps mentor other team members.

Serves as Tier II escalation for security events. Responsible for security program maturity efforts, strategic thinking, and initiatives related to network and cloud security. Conducts research into current security threats and makes recommendations to counter. Analyzes, plans, designs, and implements security solutions for information security assurance.

What you will be doing:

• Lead and manage security projects
• Design and implement network segmentation in hybrid environments
• Assess, design, implement, automate, and document security solutions and processes for Amazon Web Service (AWS), MS Azure, GCP, SaaS applications and other cloud platforms
• Direct tasks and develop milestones for Information Security projects in support of Information Security goals in line with the Company's direction
• Work with end users on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built in application security controls
• Work with key areas of business and IT to develop baseline network, cloud, container, and application security standards and integrate into the CI/CD pipeline
• Implement and automate "security as code" using cloud services and CI/CD components as necessary
• Design security architecture, methods, and controls required to meet security, compliance, and audit requirements
• Develop, review, and update a library of technical documentation
• Develop metrics and provide regular reports to senior management
• Set requirements and direct managed security service providers (MSSPs) to ensure that they are appropriately managing the services to provide security to the company
• Work with Audit and Compliance to evaluate, select, and implement appropriate cybersecurity frameworks and controls to support company's security, governance, risk, and privacy requirements
• Participate in security audits and formulate a plan of action and milestones to mitigate vulnerabilities
• Establish security baselines using best practices such as CIS benchmarks. Work with other teams to test and implement security baselines into operating systems, infrastructure, and cloud environments
• Maintain thorough understanding of new developments and techniques in cybersecurity, privacy, and compliance
• Represent Information Security in disaster recovery procedures and exercises
• Ensure that disaster recovery procedures comply with security requirements and procedures
• In the event of an outage, assist with the execution of corporate disaster recovery plan
• Log and update all security incidents in the company's ticketing system and update management regularly on the threats, mitigation plans, and status
• Work within established configuration and change management policies to ensure awareness, approval, and success of changes introduced to the network and cloud infrastructure
• Establish processes to perform regular reviews of security configurations of operating systems, infrastructure, and cloud environments
• Develop vulnerability management processes and manage the process remediate the vulnerabilities. Establish a process to escalate when vulnerabilities cannot be remediated in a timely manner
• Review security notifications from the company's vendors to determine which vulnerabilities would cause an impact
• Manage Syslog platform to include configuration of rules, alerts, and inclusion of all networked devices. Review Syslog data daily and provides regular reports to management on incidents and responses
• Provide 24/7 on-call support for security incidents related to network systems and infrastructure
• Communicate and problem-solve daily with teammates, clients, vendors, and other stakeholders, often in combination with travel
• Other skills related to building a career in network and cloud security!

The education and experience we're looking for:

• Bachelor's degree in computer science or related field or equivalent technical or professional experience related to the design, installation, security, and maintenance networks and cloud architecture
• Minimum seven years of experience in a network support role with an emphasis on network or application security, especially network segmentation
• Significant technical experience in Cloud Computing technologies and automation (HashiCorp, Terraform, Ansible, Cloudformation, etc.)
• Significant technical experience in at least 3 of the following: Networking, Firewalls, IPS, Python, Bash, Azure, GCP, AWS, REST APIs
• Experience in DevOps environments working with and influencing developers to maintain security through CI/CD processes
• Proficient and up to date with Azure, GCP, and AWS
• Hands on experience with Azure Resource Manager, GCP Deployment manager, and AWS CloudFormation
• Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
• Knowledge of network based, system level, and application layer attacks and mitigation methods
• Experience extracting pertinent security data from SIEM solutions, audit logs, and reports
• Knowledge of technical security control environments and compliance frameworks including NIST Cloud Security Frameworks, CSA CCM, ISO 27017
• Experience with or understanding of a broad range of security technologies relating to security baselines, network security, network segmentation, cloud security, and infrastructure hardening
• Experience with forensics is a plus
• Experience with vulnerability management systems is a plus
• Industry certifications are a plus

What skills you should have:

• Extensive knowledge of TCP/IP and networking principles as well as how packets work
• Extensive knowledge of security best practices as they relate to policies and procedures, configuration, and implementation
• Extensive knowledge of cloud environments including security, configuration, and management
• Expert knowledge of Windows operating systems including Windows 10, Server 2016, and others
• Expertise in creating, maintaining, and deploying group policies to Windows PCs and servers to maintain compliance with security best practices
• Possess strong analytical skills and an ability to identify complex network issues
• Possess strong interpersonal, organizational, customer service, and communication skills and an ability to interact effectively with a wide range of users of varying levels of technological expertise
• Must have documentable knowledge of cloud architecture, networks, security, network planning, and analysis
• Demonstrated experience implementing security policies and procedures
• Must work well within a deadline-driven environment
• Familiarity with Linux operating systems
• Ability to lift 50lbs
• Ability to show ownership of your work, take on challenges and acknowledge growth opportunities, and demonstrate patience when learning new processes
• Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders

Still reading? Then we think you should apply!

EEO Statement
Walker & Dunlop is an equal employment opportunity employer and does not discriminate based on race, color, national origin, religion, gender identity, sexual orientation, sex, age, disability, veteran or military status, genetic information, or any other characteristic protected by applicable law.

SPAM
Please be wary of recruitment scams. An indication of a scam might be a request for sensitive or bank information at the time of application or emails coming from a non walkerdunlop.com email address. Please call us at 301.215.5500, if you have any concerns about information requested during or after the application process.

This job has expired.