Location
Canton, OH, United States
Posted on
Mar 19, 2021
Profile
Description
Full time Remote, not Covid Remote.
We are searching for an experienced engineer who can define and operationalize secrets management technologies and processes across the organization to increase Humana's security posture and deepen EIP's oversight of its application secrets. As an Engineer you will play a key role in Enterprise Data Security team providing technical oversight of architecture and design of related security tools, assessments and maturity roadmap. You will work closely with all areas of Enterprise Information Protection (EIP), business units, and strategic partners, and vendors to ensure data security initiatives and operations are in line with policies, standards and applicable controls.
Responsibilities
Serve as the subject matter expert for governance of secrets management technologies such as Hashicorp Vault
Develop and maintain contextual PowerBI metrics to drive adoption of enterprise security standards governing certificates, keys and passwords
Monitor and measure continuous adoption and use of the security certificate program
Establish and manage on-boarding process for engineering teams for certificate issuance, renewal, and revocation processes
Enable teams to pilot certificate automation capability and improve capability based on pilot feedback
Advise on security best practices & routinized processes in the areas of data security
Contribute to data security focused assessments, design reviews and controls
Contribute and drive education for certificate automation and overall secrets governance
Identify & maintain policies and standards to drive compliance
Influence adoption and prioritization of policies and standards
Develop strong partnership cross functionally with EIP and engineering teams
Required Qualifications
7 years of experience in architecture, design and implementation of secrets governance and related technologies
Experience in modern cryptography and its common applications, such as PKI, TLS 1.2/1.3, RSA/ECC cypher suites, DH key establishment, EST, OCSP, etc.
Experience with PKI processes and governance; establishment of PKI processes and PKI governance
Experience working with Cloud (Azure, AWS, GCP other cloud platform) and common application architectures (app/web servers, containerization, etc.)
Working knowledge and understanding of systems development life cycle (SDLC), security regulations and best practices such as PCI DSS, SOX, HIPAA, GDPR and the ISO 27000 family of standards.
Basic understanding of modern application delivery through automation and pipelines
Experience developing automation solutions in Python, Java or PowerShell
Familiarity with Power BI, Power Apps, Power Automate, and SharePoint
Agile delivery experience
Secure Coding experience
Preferred Qualifications
Bachelor's Degree in a Technical Field
CISSP, CISM or equivalent, Cloud Architecture / Cloud Security Certifications (AWS, Azure, GCP), Cloud Security Alliance (CCSP, CCSK)
Knowledge of the Mitre ATT&CK framework, NIST Cyber Security Framework, familiarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.
Experience with deploying and configuring Venafi and Hashicorp Vault and Terraform Enterprise in a highly available environment
Scheduled Weekly Hours
40
Company info
Sign Up Now - InformationTechnologyCrossing.com