Senior Cloud Security Expert for AWS & Snowflake
Join New Era Technology, where People First is at the heart of everything we do. With a global team of over 4,500 professionals, we’re committed to creating a workplace where everyone feels valued, empowered, and inspired to grow. Our mission is to securely connect people, places, and information with end-to-end technology solutions at scale.At New Era, you’ll join a team-oriented culture that prioritizes your personal and professional development. Work alongside industry-certified experts, access continuous training, and enjoy competitive benefits. Driven by values like Community, Integrity, Agility, and Commitment, we nurture our people to deliver exceptional customer service.If you want to make an impact in a supportive, growth-oriented environment, New Era is the place for you. Apply today and help us shape the future of work—together.
SUMMARY:
Client requires a AWS Snowflake Security Expert to lead and execute a NIST SP 800-53 Rev 5 moderate-baseline cybersecurity assessment of a multi-account Snowflake data-warehouse deployment on AWS, producing a security assessment report with findings and recommendations.PRIMARY DUTIES:
- Planning & Scoping
- Facilitate scoping workshop and interviews with the IAM Lead, Cloud Security Engineering, Site Reliability Engineering, Snowflake DBA Team, Network Security Engineering, IT GRC, Security Engineering, Security Architecture, Internal Audit, Security Operations, Vulnerability Management, Application Security, Red Team and Threat Hunting
- Select applicable NIST control baseline and overlays (HIPAA, CJIS, PCI-DSS, FedRAMP Moderate).
- Create detailed assessment plan & schedule
- Execute the Security Assessment
- Identity & Access
- Inventory AWS IAM roles, SCPs, KMS key policies, IAM Identity Center mappings.
- Map to Snowflake RBAC objects (users, roles, warehouses, resource monitors) and test separation-of-duties matrix.
- Validate MFA, Private link DNS, key-rotation cadence, IdP claims.
- Encryption & Data Protection
- Inspect column-level encryption keys, tri-secret strategy, dynamic data-masking policies, secure data-sharing agreements, and customer-managed KMS versus Snowflake-managed keys.
- Logging & Monitoring
- Ensure CloudTrail org-trail + S3 object-lock is present; validate Snowflake Access History & Account Usage retention ≥ 1 year.
- Gather custom metrics in CloudWatch and Snowflake Resource Monitor alerts.
- Test log integrity (KMS-MAC signatures) and SIEM onboarding (Splunk, Sentinel, or Elastic).
- Network & Segmentation
- Review VPC design, Transit Gateway attachments, Security Groups, NACLs, Guard Duty, and Private Link endpoint policies.
- Obtain TLS version scan against *.snowflakecomputing.com endpoints.
- Vulnerability & Configuration
- Execute vulnerability reports reviews; run Inspector & Qualys against EC2 bastions.
- Validate Snowflake parameter drift and golden-Terraform state alignment.
- Incident Response & Contingency
- Verify runbooks for session kill, key rotation, and account failover scripts.
- Governance & Supply-Chain
- Evaluate Snowflake FedRAMP package, SOC 2 Type II, AWS Artifact docs, partner-connect integrations, and data-processing addendums (DPAs) for GDPR/CCPA
- Identify third party governance for Snowflake and related vendors (e.g., API gateways, etc.) is in place
COMPENTENCY:
Cloud Infrastructure Security Assessments (IaaS, PaaS and SaaS), IT Risk ManagementREQUIRED EDUCATION: Bachelors in computer science
, Information Systems, or equivalent; CISSP, CISA, or CISM preferred.EXPERIENCE:
- 8+ years hands-on AWS security; hold current AWS Security Specialty or Solutions Architect Professional certification.
- 3+ years administering Snowflake Enterprise or higher (SnowPro Core or SnowPro Advanced: Architect experience strongly preferred).
- Deep knowledge of NIST SP 800-53 Rev 5 controls.
- Proficient with Terraform, CloudFormation, AWS Config conformance packs, and Okta/ADFS SAML claims mapping.
- Demonstrated experience integrating CloudTrail, GuardDuty, Macie, and Snowflake event tables into Splunk/Sentinel.
- Scripting: Python 3, Bash, SnowSQL; familiarity with Snowpark and data-classification UDFs a plus.
- AWS Control Tower & Landing Zone experience.
LANGUAGE SKILLS:
EnglishPHYSICAL DEMANDS
: NoneEXPECTED HOURS OF WORK:
40 per week – 9 weeks durationTRAVEL:
Fully RemoteQUALIFICATIONS:
- Experience with large enterprises
- Experience in the big tech industry
- Excellent attention to detail
- Strong organizational skills
- Excellent analytical skills
- Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel and PowerPoint
- Collaborative team worker – both in person and virtually using MS Teams or similar
- Ability to work as liaison between business and information security / information technology
- Flexibility to accommodate working across different time zones
- Excellent interpersonal communication skills with strong spoken and written English
- Business outcomes mindset
- Solid balance of strategic thinking with detail orientation
- Self-starter, ability to take initiative
New Era Technology, Inc., and its subsidiaries (“New Era” “we”, “us”, or “our”) in its operating regions worldwide are committed to respecting your privacy and recognize the need for appropriate protection and management of any Personal Data that you may provide us. In this, we are also committed to providing you with a positive experience on our websites and while using our products, services and solutions (“Solutions”).View our Privacy Policy here https://www.neweratech.com/us/privacy-policy/
Apply to this Job