AWS Cloud Security Engineer

Global Partners LP is seeking a hands-on Cloud Security Engineer to join our Cyber Security Team and play a key role in Global’s security and risk management operations in the AWS public Cloud.The Cloud Security Engineer’s main objective will be to secure and protect our AWS Cloud instances, workloads and applications from malicious threat actors, external threats, internal threats and malware. The Cloud Security Engineer will work with various IT, cyber security and designated business teams to secure our Cloud infrastructure and applications in accordance with industry best practices and the ever-evolving threat landscape.The Cloud Security Engineer will also advise the Cyber Security Team and CISO on emerging vulnerabilities, threats and newly introduced risks to Global’s AWS Cloud infrastructure. The Cloud Security Engineer will take a proactive approach in continually assessing the security of those systems/applications throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities.For over 90 years Global Partners LP has been delivering the energy our communities need to grow, move, and thrive. From Alltown Fresh, with its innovative chef-led creations and guest-focused retail experience, to our vast network of over 50 liquid energy terminals across the eastern seaboard and beyond, Global Partner’s integrated network of businesses delivers value day-in and day-out to our guests and customers across the US. At Global Partners we embrace the future, investing in the energy transition with initiatives like GlobalGLO and supporting the communities in which we operate with our charitable work.We’re excited for the next 90 years at Global Partners and what innovative new ideas we can bring to our guests and customers in the future. We’re looking for passionate people with great ideas to contribute to our company’s future. If you’re motivated by what’s next, Global Partners can provide you the opportunities to push your career to the next level.The Types of “Energy” You Bring • Excellent written and verbal communication skills.• You are self-motivated and like to take initiative.• You are a team player with a positive attitude.• You have great attention to detail and are highly organized.“Gauges” of Responsibility • Design, deploy, administer and maintain various security controls to safeguard our AWS cloud infrastructure, from both external and internal threats• Responsible for monitoring, discovering, investigating, and mitigating any related AWS cloud incidents and breaches in collaboration with both the cyber security team and our managed security services provider• Keeping our AWS Cloud infrastructure well protected, making recommendations, and continually improving on our Cloud security technologies, both AWS native and/or 3rd party provided• Ensure and monitor that configurations and security controls meet best practices thru the use of a native or 3rd party cloud security posture management (CSPM) tool• Define operational playbooks for various threat scenarios and provide periodic testing of those playbooks• Conduct routine security assessments, vulnerability scans, and coordinate penetration tests to identify and address potential security weaknesses• Engage in digital forensics to investigate breaches or security incidents in the AWS Cloud• Available 24/7 to participate in cyber incident response activities, as necessary• Collaborate with IT Disaster Recovery Team and play a pivotal role in helping to develop, test, and refine our Cloud disaster recovery and resiliency plans tailored for AWS• Develop and execute AWS security automations where ever possible• In coordination with the cyber security team, assist in conducting regular vulnerability scans of our AWS Cloud environment. Using the vulnerability assessment results to drive remediation activities• Ensure compliance with current security controls standards (CIS Critical Controls), along with our data privacy and security standards• Collaborate with cross-functional teams to integrate security best practices into the software development lifecycle (SDLC) and continuous integration/continuous deployment (CI/CD) pipelines• Coordinate periodic pen testing exercises with Global’s Red Team and also coordinate any mitigation activities, based upon findings• Staying abreast with security standards and emerging vulnerabilities/threats to proactively mitigate threats• Familiarity with Health Information Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and various state privacy laws• Maintain accurate and current documentation of the cloud network security environment• Some travel may be necessary, but will be minimal• Performing other cyber security team duties and responsibilities as assigned“Fuel” for You• Coins! We offer competitive salaries and opportunities for growth. We mean it! We have an amazing Talent Development Team who create trainings for growth and job development.• Health + Wellness - Medical, Dental, Visions and Life Insurance. Along with additional wellness support.• The Road Ahead – We offer 401k and a match component!• Professional Development - We provide tuition reimbursement; this benefit is offered after 6 months of service.• Give Back! We believe in community support. We know everyone gives in their own way, that’s why we offer paid volunteer time-off to you to help an organization of your choice.The GPS of our Interview Process• First thing first, if you’re interested in the role, please apply.• A talent acquisition team member will review your resume in partnership with the hiring manager. If your experience would lend to this opportunity a recruiter will contact you.• We conduct “in-person” (ZOOM) interviews and provide additional interview information or other items needed at that time.QUALIFICATIONS• Hands-on experience with the various AWS native security services/tools, such as Firewall, Security Groups, Guard Duty, KMS, Security Hub, Route53, IAM Access Analyzer, IAM, Detective, Encryption, etc.• Bachelor's degree in Information Security, Computer Information Systems, Computer Science, or other relevant work experience required• 3+ years’ experience implementing, administrating, operating and supporting AWS Cloud-based cyber security controls• 5+ years of overall cyber security related work experience• Strong understanding of AWS security services and cloud architecture• Deep knowledge of AWS security tools and capabilities• Experience in data protection, data security and data privacy management• Familiarity with a broad range of cyber security tools ( e.g. - Velociraptor, Checkpoint Firewalls, Qradar, Crowdstrike, Rapid7, MS Defender, InsightVM, etc. )• Experience with Cloud Security Compliance Frameworks and models, such as CIS, ISO, NIST, CSA, CCM and/or OWASP.• Cloud Security Posture management (CSPM) tools• Experience with securing, administering, and maintaining a fully operational AWS Cloud environment• Experience with ZTNA tools and/or implementations a plusEducation/Certifications• Bachelor of Science degree in Computer Science, Engineering, or related field.• CISSP, CISA, CISM, CCSP or other relevant security related designation(s) required• AWS Security Certification preferredResearch shows that many, especially women and marginalized people, are hesitant to apply for job if they don’t check every box. If you are excited about this position, and think you could have an impact here, please apply anyway, even if you don’t meet every point on the job description. We’d love to hear from you.Global Partners LP is an equal opportunity employer. We foster a company culture where ideas from all people help us grow, move and thrive. We embrace the diversity of all applicants and do not discriminate against race, color, religion, sex, age, national origin, sexual orientation, gender identity, disability, protected veteran status or any other basis prohibited by federal, state or local law. If you have a disability and need an accommodation to apply, please contact our recruiting department at 781-891-4000.