Role: Python AWS Engineer
Location: Hybrid to Plano, TX, Mclean, VA
Contract: W2
Job Description
#1 Requirement: CSPM At least 2 years of experience working with a Cloud Security Posture Management tool (Cloud Custodian, Wiz, Aqua Security, Prisma Cloud, etc)
#2 and #3 Requirement: Python and AWS
Project Scope:
- Onboard and manage new cloud services, primarily from AWS, for the organization
- Partner with the cybersecurity risk team to analyze risks associated with new cloud services
- Implement detection and prevention measures using the tool Cloud Custodian – This is a Cloud Security Posture Management tool
- Contribute to the open-source Cloud Custodian project by writing Python code to address gaps in the tool's capabilities as it pertains to AWS services needing onboard
- Manage a backlog of 50 cloud services that need to be recertified every 2 years – if they win the Discover work they will need to do this for all of the AWS services not currently certified to their standards
- Ensure that changes to existing cloud services are properly assessed and addressed
Required Skill Set:
- Strong Python development skills for automation and tuning of
- Experience with AWS services and concepts, such as EC2, IAM, networking, and data sharing – we are not needing a cloud engineer here. We are needing someone who understands these services and the policies needing enforced surrounding their use
- Understanding of identity and access management (IAM) basics, including roles and policies
- Familiarity with DevOps and SecOps practices
- Ability to write code that interacts with cloud service APIs, particularly AWS API libraries
- Passion for security and a desire to work in a behind-the-scenes, "thankless" role that isn’t front end focused
- Preference for candidates with prior DevOps or cloud infrastructure experience
The ideal candidate would be someone strong working with Python and a strong background in cloud infrastructure and security. The organization is particularly interested in candidates who have a passion for DevOps and SecOps, as this role is focused on protecting the enterprise infrastructure rather than building customer-facing applications.