Senior Cloud and Software Development Security Engineer

Job not on LinkedIn

October 19

Apply Now

Receive Emails with Similar Jobs

Walker & Dunlop

WebsiteLinkedInAll Job Openings

Finance • Real Estate

Walker & Dunlop is a leading provider of commercial real estate finance and advisory services. With over 85 years in business, the company has become one of the largest commercial real estate finance providers in the United States, offering a broad range of services including investment sales, loan servicing, and valuations. Walker & Dunlop also provides data-driven valuation and advisory services, leveraging their extensive network of capital sources and market insights to serve a wide array of property types such as multifamily, industrial, and retail. The company's approach combines large corporate capabilities with a boutique feel, supported by its robust technological infrastructure and diverse, experienced team.

1001 - 5000 employees

Founded 1937

💸 Finance

🏠 Real Estate

💰 $18M Post-IPO Equity on 2019-09

📋 Description

• Lead and manage security projects. • Assess, design, and document security solutions and processes for Amazon Web Service (AWS) and Azure. • Direct tasks and develop milestones for Information Security projects in support of Information Security goals in line with the Company's direction. • Work with software developers on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built-in application security controls. • Work with key areas of business and IT to develop baseline network, cloud, container, and application security standards and integrate into the CI/CD pipeline. • Implement and automate “security as code” using cloud services and CI/CD components as necessary. • Design security architecture, methods, and controls required to meet security, compliance, and audit requirements. • Develop, review, and update a library of technical documentation. • Develop metrics and provide regular reports to senior management. • Set requirements and direct managed security service providers (MSSPs) to ensure that they are appropriately managing the services to provide security to the company. • Perform regular security audits and automated compliance checks on AWS and Azure resources. • Collaborate with SRE and development teams to ensure secure coding, build, and deployment practices. • Work closely with DevOps, SREs, and developers to champion a "security by design" culture. • Participate in security audits and formulate a plan of action and milestones to mitigate vulnerabilities. • Establish security baselines using best practices such as CIS benchmarks. • Work with other teams to test and implement security baselines into cloud environments. • Maintain thorough understanding of new developments and techniques in cybersecurity, privacy, and compliance. • Represent Information Security in disaster recovery procedures and exercises. • Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status. • Work within established configuration and change management policies to ensure awareness, approval, and success of changes introduced to the network and cloud infrastructure. • Establish processes to perform regular reviews of security configurations of cloud and software development environments. • Develop vulnerability management processes and manage the process to remediate the vulnerabilities. • Establish a process to escalate when vulnerabilities cannot be remediated in a timely manner. • Review security notifications from the company’s vendors to determine which vulnerabilities would cause an impact. • Assist in developing and enforcing data governance policies, data classification standards, and compliance workflows (e.g., GDPR, HIPAA, SOC 2). • Provide 24/7 on-call support for security incidents related to network systems and infrastructure.

🎯 Requirements

• Bachelor’s degree in computer science, information security, or related field, or equivalent professional experience • 5+ years of experience in security engineering, DevSecOps, or cloud security • Industry certifications (e.g., CISSP, CCSP, AWS/Azure Security Specialty) preferred • Significant technical experience in AWS and Azure cloud computing technologies and automation (HashiCorp, Terraform, GitLab, JIRA, etc.) • Experience in DevOps environments working with and influencing developers to maintain security through CI/CD processes • Proficient and up to date with Azure and AWS • Hands on experience with Azure Resource Manager, AWS CloudTrail, AWS IAM, AWS Security Hub, AWS Control Tower • Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment • Knowledge of network based, system level, and application layer attacks and mitigation methods • Experience extracting pertinent security data from SIEM solutions, audit logs, and reports • Knowledge of technical security control environments and compliance frameworks including NIST Cloud Security Frameworks, CSA CCM, ISO 27017 • Extensive knowledge of cloud environments including security, configuration, and management • Documentable knowledge of cloud architecture, networks, security, network planning, and analysis • Demonstrated experience implementing security policies and procedures

🏖️ Benefits

• Up to 83% subsidized medical payroll deductions • Competitive dental and vision benefits • 401(k) + match • Pre-tax transit and commuting benefits • A robust health and wellness program – earn cash rewards and gain access to resources that promote health, engagement, and balance • Paid maternity and parental leave, as well as other family paid leave programs • Company-paid life, short and long-term disability insurance • Health Savings Account and Healthcare and Dependent Care Flexible Spending • Career development opportunities • Empowerment and encouragement to give back – volunteer hours and donation matching