Experienced AWS Security Engineer - (100% Remote)
: Job Details :

Position Description :

Serco Inc. is currently seeking an Experienced AWS Security Engineer to join our talented team (100% Remote). If youre looking for a high profile and challenging Security Engineer position supporting Centers for Medicare and Medicaid (CMS), then Serco has a great opportunity for you! The remote Network Engineer position will be on a dynamic team, supporting our CMS program based out of Herndon, VA. The position reports to IT Operations Network Manager.

Serco supports the Centers for Medicare & Medicaid Services, a federal agency within the United States Department of Health and Human Services that administers the Medicare program and works in partnership with state governments to continue supporting eligibility determinations for consumers purchasing health insurance through the Federal Health Insurance Exchanges.

As a key member of our cloud infrastructure and security team, you will play a crucial role to help run system and network security operations of a hybrid cloud environment. You must have the ability to test and evaluate security concepts and security application changes to eliminate problems and make improvements with the ability to troubleshoot complex technical issue, help create solutions, and be able to help provide root cause of incident.

The position will require AWS knowledge and expertise, Windows and Linux server security and vulnerability management, network firewall and F5 rule creation and policy management, security compliance and standards, Zero Trust Architecture, endpoint security, access control and authentication management, and security SIEM tools.

This position requires flexible working hours; must be willing to be on-call/work evenings/weekends as needed for troubleshooting or implement changes

In this role, you will:

• Scalable Deployment and Management: Deploy and manage scalable security solutions for policy enforcement and secure internet traffic, ensuring the protection of our AWS and hybrid infrastructure.
• Windows and Linux Security: Implement and maintain security measures for both Windows and Linux systems/instances, including vulnerability monitoring, patch management, and configuration hardening.
• AWS Expertise: Utilize your AWS expertise to implement and configure security features such as IAM, encryption mechanisms including KMS, and security groups and NACLs to protect our cloud environment.
• Hybrid Environment Security: Design and implement security solutions for our hybrid environment, ensuring seamless integration and protection of on-premises and cloud resources.
• Splunk Utilization: Utilize Splunk for log analysis and correlation to identify security incidents, conduct investigations, investigate, and troubleshoot outages, and improve overall security posture.
• Network Security Tools Proficiency: Demonstrate proficiency in network security tools such as Skybox and Netbrain to assess, monitor, and enhance the security of our network infrastructure.
• Firewall Configuration and Management: Configure and manage Cisco and Palo Alto firewalls to enforce security policies and protect against unauthorized access and threats.
• Active Directory Security: Implement and maintain security controls within Active Directory, including access controls, group policies, and privileged access management.
• Zero Trust Implementation: Apply zero trust principles to our security architecture, implementing least privilege access controls and continuous authentication mechanisms.
• Big IP F5: knowledge of F5 firewall and access policy management to provide API access for third-party applications.
• Ticketing System and Security Office work: Work service requests and incidents tickets from end users and shareholders.
• Production Support and On-call Participation: Provide production support and participate in on-call rotations to promptly address security incidents and ensure the availability and integrity of our systems.
• Infrastructure as Code (IaC): Collaborate with multiple teams to ensure infrastructure as code is implemented securely within the AWS environment and IaC is maintained on security architecture.

Qualifications:

To be successful in this role you will have:

• United States Citizenship/Green Card required
• Willing to be on-call, work evenings, and weekends as needed for troubleshooting or implement changes
• A Bachelor's degree in Computer Science, Information Technology, or a related field
  • Or a High School Diploma with 9 years of relevant experience in lieu of degree
• Minimum 4 years of relevant experience
• Working knowledge of SIEM and logging tools;
  • Splunk, CloudWatch, CloudTrails, and SolarWinds for log review, monitor and reporting, and troubleshooting issues systems
• Expertise in AWS Cloud concepts and security services
• Knowledge of network principles and network security concepts
• Knowledge and security practices of Windows and RHEL operating systems
• Experience working with Zscaler Zero Trust environment and can investigate issues and implement changes in ZPA, ZIA, and ZDX
• Active Directory Knowledge of Users and Computers and Group Policy Management
• Experience working with firewall rules and policies preferably in Palo Alto Panorama
• Knowledge of F5 Big IP Access Policy Management and APIs to help maintain third-party application access control
• Experience assisting with artifact collection, documentation, process writing, and ticketing for audits and security office requests
• Knowledge of Infrastructure as Code using Terraform or CloudFormation
• Willing to work in and learn a myriad of network and security tools and devices including Netbrain, Skybox, CrowdStrike, SolarWinds Orion, and others
• Strong problem-solving skills and ability to respond effectively to security incidents and vulnerabilities
• Excellent communication and collaboration skills, with the ability to engage stakeholders and work effectively in cross-functional teams
• Ability to travel up to 10%

Additional desired experience and skills:

• AWS Certified Security - Specialty or AWS Certified Solutions Architect preferred
• Proficiency in a scripting language for automation of security tasks and processes is a plus

In compliance with state and local laws regarding pay transparency, the salary range for this role is $83,365.11 to $138,941.85; however, Serco considers several factors when extending an offer, including but not limited to, the role and associated responsibilities, a candidate's work experience, education/training, and key skills.

Company Overview :

Serco Inc. (Serco) is the Americas division of Serco Group, plc. In North America, Sercos 9,000+ employees strive to make an impact every day across 100+ sites in the areas of Defense, Citizen Services, and Transportation. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state, provincial and local governments, and commercial clients. While your place may look a little different depending on your role, we know you will find yours here. Wherever you work and whatever you do, we invite you to discover your place in our world. Serco is a place you can count on and where you can make an impact because every contribution matters.

To review Serco benefits please visit: If you require an accommodation with the application process please email: ...@serco-na.com or call the HR Service Desk at 800-###-####, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email.

Candidates may be asked to present proof of identify during the selection process. If requested, this will require presentation of a government-issued I.D. (with photo) with name and address that match the information entered on the application. Serco will not take possession of or retain/store the information provided as proof of identity. For more information on how Serco uses your information, please see our Applicant Privacy Policy and Notice.

Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco and will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email ...@serco-na.com.

Serco is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.