Cloud Security Engineer
The Cloud Security Engineer plays a vital role in supporting Comerica's cloud security posture by assisting in the monitoring, analysis and protection of cloud-based infrastructure and services. This role will involve working with cloud security tools, including AWS GuardDuty, CloudTrail, CloudWatch, CNAPP.
This role will also develop and implement security processes and solutions that protect our cloud environments. The incumbent will be responsible for the ongoing assessment and compliance with required security guidelines across our enterprise computing landscape, ensuring robust security measures are in place.
Position Responsibilities:
Cloud Security Monitoring
- Perform Cloud focused investigations by analyzing logs and services relevant to the underlying cloud service provider.
- Design, implement and support secure cloud architecture across various platforms (e.g. AWS, Azure, GCP).
- Support cloud scanning and monitoring coverage evaluation on AWS, Azure & GCP.
- Process SIEM tools enhancement requests, support design, build, test and deploy.
- Support development, documentation, and maintenance of operationally effective playbooks to deal with Cloud-based incidents.
- Clearly and concisely articulate any recommendations that arise from investigative activities and converse confidently with both technical and non-technical stakeholders as needed.
- Assess and recommend cloud security best practices, tools, and technologies.
- Propose changes to the technical design solutions as applicable.
- Maintain detailed documentation for procedures and incidents.
- Prepare and present regular security reports and dashboards to management.
Security Automation & Tools Implementation
- Develop and integrate automated security solutions to ensure sufficient coverage, improve operational efficiency and reduce manual intervention.
- Develop and maintain automated security processes and scripts to streamline cloud security operations.
- Work closely with other functional infrastructure areas/departments on multiple initiatives to meet organizational/business goals & objectives.
- Participate in planning guidance on short term & long-term planning to meet ongoing business & operational needs.
- Participate in and contribute to project teams on architectural, design development, integration opportunities, planning of complex systems & assures it is aligned to our established strategies, guiding principles, rationales & practices.
Risk Management -- Compliance and Regulatory Adherence
- Ensure the cloud infrastructure complies with industry regulations (e.g. SOX, SOC 2, PCI-DSS, FFIEC, GLBA).
- Participate in audits and assessments related to cloud security and compliance.
- Participate in audits and assessments to ensure that cloud environments meet security standards and regulatory compliance requirements.
- Participate in testing and analysis of procedures and systems to prepare for emergencies.
- Actively participate in threat modelling of new services/capabilities, readiness exercises such as purple team, and tabletops.
- Security assessment with AWS, Microsoft and other 3rd party vendors as needed.
- Support the process to assess and create monitoring rules within the CNAPP tool that follow existing integrated procedures and provide updates on a recurring basis.
- Provide evidence of controls that the policy gaps are now being monitored.
Administration and Communication
- Security tools administration. Configure and manage cloud native tools like AWS GuardDuty, AWS Security Hub.
- Metrics and KPI tracking and reporting on cloud security performance, such as incident response times, policy compliance.
- Maintain detailed security documentation and reports for internal and external stakeholders, including audit reports, formulating procedures.
- Collaborate closely with cloud engineering teams to integrate security controls into the cloud infrastructure and development pipelines.
- Develop designs for projects that have low to medium complexity.
- Other duties as assigned.
Position Qualifications:
- Bachelor's Degree from an accredited university in Computer science, engineering or in a technology related field OR equivalent through a combination of education and/or technology experience OR 12 years of technology / cybersecurity experience
- 4 years of proven experience working with AWS cloud infrastructure, security controls and related services e.g. IAM, AWS GuardDuty, AWS Inspector, VPC, CloudTrail, CloudWatch, AW Security Hub
- 4 years of experience identifying technical solutions for complex business problems, identifying the benefits and risks of the solutions, and providing recommendations
- 4 years of experience leading cloud technology projects with medium to large sized projects
- 3 years of experience working in a full life cycle development in an enterprise development environment
- 3 years of experience with configuration management concepts and tools and design and modeling tools
- 2 years of experience working in a DevOps model
- 2 years of experience with and a deep understanding of AWS services, cloud security best practices and protecting cloud-based systems
Licenses/Certifications:
- Certified Cloud Security Professional preferred
- CISSP (Certified Information Systems Security Professional preferred
- AWS Certifications preferred
- Cloud Professional Certification (AWS/Azure) preferred
About Comerica
We know our employees are critical to our overall success and we are dedicated to investing in their future. One of the ways we do this is to offer a comprehensive Total Rewards package designed to recognize and reward individual performance, as well support health, well-being, development and security for our colleagues and their family. Total Rewards consists of cash compensation, development and flexible benefit programs designed to meet individual needs today and in the future. Your salary will be commensurate with your work experience and our programs are reviewed regularly to ensure each remain competitive. We are proud to offer benefits such as health and welfare programs, strong retirement benefits, and generous paid time off programs. You and your eligible family members, including domestic partners and their children, can participate in medical, dental, and vision benefits, 401(k) and pension, income protection benefits such as life insurance, AD&D, and supplemental health programs to offset unexpected health care expenses. We also have a variety of time off programs for things like vacation, sick time, disability, and parental leave. Eligibility for some programs varies based on employment status and tenure.
Upon offer, Comerica conducts a comprehensive background and fingerprint check.
NMLS certification requirement: where applicable, a favorable background check screening, credit check, fingerprint check, and NMLS certification is required in accordance with the SAFE Act.
Comerica Incorporated (NYSE: CMA) is a financial services company headquartered in Dallas, Texas, and strategically aligned into three major business segments; the Commercial Bank, the Retail Bank, and Wealth Management. Comerica's colleagues focus on relationships, and helping people and businesses be successful. In addition to Texas, Comerica Bank locations can be found in Arizona, California, Florida and Michigan, with select businesses operating in several other states, as well as in Canada and Mexico.
Comerica is proud to be an Equal Opportunity Employer - veterans/individuals with disabilities, committed to workplace diversity.
|
Comerica Bank
life insurance, parental leave, paid time off, sick time, 401(k)
Apr 28, 2025