First Tech Federal Credit Union
Cyber Cloud Engineer II
First Tech Federal Credit Union, Hillsboro, Oregon, United States, 97104
Role Overview
The Cyber Cloud Engineer II is a highly technical and detail-oriented individual responsible for designing, implementing, and managing granular security controls within complex cloud infrastructures. This role engineers and automates security solutions to protect First Tech’s cloud-native applications, data, and services from sophisticated cyber threats.
Job Duties
Configure network security controls such as Virtual Private Clouds (VPCs), subnets, Network Access Control Lists (NACLs), Security Groups/Network Security Groups (NSGs), and Web Application Firewalls (WAFs)
Configure and tune security monitoring tools, including SIEM, Cloud Workload Protection Platforms (CWPP), and cloud-native services (AWS GuardDuty, Azure Sentinel)
Utilize tools like AWS Config, Azure Policy, and Cloud Security Posture Management (CSPM) solutions to ensure continuous compliance
Automate the implementation and auditing of security controls against industry frameworks such as NIST, CIS Benchmarks, SOC 2, and ISO 27001
Develop and maintain Infrastructure as Code (IaC) templates using Terraform or CloudFormation to enforce security standards at deployment
Execute automated and manual vulnerability scans using tools such as Qualys, Tenable.io, or cloud-native scanners (e.g., AWS Inspector, Azure Defender for Cloud)
Prioritize findings and drive remediation efforts with development teams
Act as a technical contact for cloud security incidents
Perform deep-dive log analysis using SIEM platforms (Splunk, Azure Sentinel) and cloud-native logging (CloudWatch, CloudTrail)
Conduct digital forensics and root cause analysis (RCA) on cloud workloads and services
Develop custom detection rules based on threat intelligence and anomalous behavior patterns found in VPC flow logs, DNS queries, and API call data
Write scripts in Python (using Boto3/azure-sdk), PowerShell, or Bash to automate security tasks, such as incident response playbooks and compliance checks
Essential Skills
Minimum experience 3 to 5 years of dedicated, hands‑on experience in a cloud security engineering role
Cloud Platforms: Deep technical expertise in at least one major cloud provider required
AWS: IAM, VPC, EC2, S3, Lambda, GuardDuty, Security Hub, AWS WAF, KMS
Azure: Entra ID (Azure AD), Virtual Networks, NSGs, Key Vault, Sentinel, Azure Policy
GCP: IAM, VPC, Cloud Armor, Security Command Center, Key Management Service
Demonstrable proficiency with Terraform or CloudFormation required
Strong scripting skills in Python, PowerShell, or Bash for security automation required
In‑depth knowledge of TCP/IP, DNS, HTTP/S, TLS/SSL, and routing protocols. Proven ability to secure complex cloud network topologies required
Advanced administration and hardening skills for Linux (e.g., Ubuntu, RHEL) and Windows Server required
Experience writing queries and developing correlation rules in Splunk, ELK Stack, or Azure Sentinel required
Knowledge of defense‑in‑depth security architectures using cloud‑native services
Hands‑on experience securing containerized environments (Docker) and orchestration platforms (Kubernetes, EKS, AKS, GKE). Knowledge of pod security policies, network policies, and tools like Falco or Aqua Security (preferred)
Strong understanding of cryptographic principles, Public Key Infrastructure (PKI), and key management systems (KMS, HSM) (preferred)
Experience implementing Data Loss Prevention (DLP) controls and architecting data‑at‑rest and data‑in‑transit encryption strategies in the cloud (preferred)
Minimum Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
Certification/License: Advanced security or cloud certifications highly preferred (e.g., CISSP, CCSP, AWS Certified Security)
Location Hillsboro, OR 97124 | Rocklin, CA 95765 | (HYBRID)
Target Compensation Hillsboro, OR: $107k - $122k annually + annual bonus
Rocklin, CA: $118k - $135k annually + annual bonus
Benefits
Traditional medical, dental, and vision coverage
401K matching up to 5% per pay period
Accrue up to 17 days of Paid Time Off your first year of employment
11 paid federal holidays
Special employee pricing on lending products such as mortgage, auto, and personal loans (eligibility for special employee pricing is subject to standard account requirements and underwriting criteria)
First Tech is not currently offering Visa transfer/ sponsorship for this position.
#J-18808-Ljbffr
Job Duties
Configure network security controls such as Virtual Private Clouds (VPCs), subnets, Network Access Control Lists (NACLs), Security Groups/Network Security Groups (NSGs), and Web Application Firewalls (WAFs)
Configure and tune security monitoring tools, including SIEM, Cloud Workload Protection Platforms (CWPP), and cloud-native services (AWS GuardDuty, Azure Sentinel)
Utilize tools like AWS Config, Azure Policy, and Cloud Security Posture Management (CSPM) solutions to ensure continuous compliance
Automate the implementation and auditing of security controls against industry frameworks such as NIST, CIS Benchmarks, SOC 2, and ISO 27001
Develop and maintain Infrastructure as Code (IaC) templates using Terraform or CloudFormation to enforce security standards at deployment
Execute automated and manual vulnerability scans using tools such as Qualys, Tenable.io, or cloud-native scanners (e.g., AWS Inspector, Azure Defender for Cloud)
Prioritize findings and drive remediation efforts with development teams
Act as a technical contact for cloud security incidents
Perform deep-dive log analysis using SIEM platforms (Splunk, Azure Sentinel) and cloud-native logging (CloudWatch, CloudTrail)
Conduct digital forensics and root cause analysis (RCA) on cloud workloads and services
Develop custom detection rules based on threat intelligence and anomalous behavior patterns found in VPC flow logs, DNS queries, and API call data
Write scripts in Python (using Boto3/azure-sdk), PowerShell, or Bash to automate security tasks, such as incident response playbooks and compliance checks
Essential Skills
Minimum experience 3 to 5 years of dedicated, hands‑on experience in a cloud security engineering role
Cloud Platforms: Deep technical expertise in at least one major cloud provider required
AWS: IAM, VPC, EC2, S3, Lambda, GuardDuty, Security Hub, AWS WAF, KMS
Azure: Entra ID (Azure AD), Virtual Networks, NSGs, Key Vault, Sentinel, Azure Policy
GCP: IAM, VPC, Cloud Armor, Security Command Center, Key Management Service
Demonstrable proficiency with Terraform or CloudFormation required
Strong scripting skills in Python, PowerShell, or Bash for security automation required
In‑depth knowledge of TCP/IP, DNS, HTTP/S, TLS/SSL, and routing protocols. Proven ability to secure complex cloud network topologies required
Advanced administration and hardening skills for Linux (e.g., Ubuntu, RHEL) and Windows Server required
Experience writing queries and developing correlation rules in Splunk, ELK Stack, or Azure Sentinel required
Knowledge of defense‑in‑depth security architectures using cloud‑native services
Hands‑on experience securing containerized environments (Docker) and orchestration platforms (Kubernetes, EKS, AKS, GKE). Knowledge of pod security policies, network policies, and tools like Falco or Aqua Security (preferred)
Strong understanding of cryptographic principles, Public Key Infrastructure (PKI), and key management systems (KMS, HSM) (preferred)
Experience implementing Data Loss Prevention (DLP) controls and architecting data‑at‑rest and data‑in‑transit encryption strategies in the cloud (preferred)
Minimum Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
Certification/License: Advanced security or cloud certifications highly preferred (e.g., CISSP, CCSP, AWS Certified Security)
Location Hillsboro, OR 97124 | Rocklin, CA 95765 | (HYBRID)
Target Compensation Hillsboro, OR: $107k - $122k annually + annual bonus
Rocklin, CA: $118k - $135k annually + annual bonus
Benefits
Traditional medical, dental, and vision coverage
401K matching up to 5% per pay period
Accrue up to 17 days of Paid Time Off your first year of employment
11 paid federal holidays
Special employee pricing on lending products such as mortgage, auto, and personal loans (eligibility for special employee pricing is subject to standard account requirements and underwriting criteria)
First Tech is not currently offering Visa transfer/ sponsorship for this position.
#J-18808-Ljbffr