Information Security Cloud Engineer – Subject matter Expert

Role: Information Security Cloud Engineer – Subject matter Expert Project: Cloud Engagement Reporting to: Director of Information Security Engagement purpose: Establish cloud asset visibility, reduce cloud-based security risk through standardized controls, and integrate ongoing monitoring into the information security program. Objective The Cloud Security SME will design, implement, and operationalize a comprehensive cloud security foundation that enables the us to: Accurately identify and maintain an inventory of all cloud assets Apply and enforce security and governance controls across cloud environments Enable continuous monitoring, detection, and reporting of cloud risk within the information security program Dedicate a predetermined amount of time per week to grow cloud knowledge within the current team based on predetermined needs. This effort directly supports risk reduction, audit readiness, regulatory compliance, and executive visibility into cloud security posture Responsibilities The SME shall: Access Cloud Environments configuration, security, and billing and make suggestions on best practices. Identify and document all cloud environments in scope Establish a cloud asset inventory including but not limited to: Subscriptions / accounts / tenants Computer, storage, databases, and networking resources Identity objects, service principals, and managed identities Security tooling integrations and logging sources Define asset ownership, business purpose, data classification, and environment tier (prod/non-prod) Implement automated discovery and reconciliation where feasible Align inventory practices with CNO configuration management and inventory policies Deliverables Cloud inventory data model Cloud asset inventory Asset ownership and accountability mapping Cloud environmental assessment Cloud security baseline and hardening The SME shall: Define security baseline for cloud resources align to: CNO security policies Applicable regulatory and compliance requirement Industry benchmarks (CIS, NIST) Implement and validate Secure configuration standards Identity and access controls Logging, monitoring, and telemetry requirements Network segmentation and exposure controls Identify and remediate High risk misconfigurations Partner with IT, Engineering, and Application teams to ensure controls are practical, enforceable, and sustainable Deliverables Cloud security baseline standards Configuration hardening documentation Risk ranked cloud security findings and remediation plan Continuous monitoring and detection enablement The SME shall: Integrate cloud environments with approved security monitoring platforms Ensure: Continuous visibility into cloud configuration drift Detection of unauthorized changes insecure deployments and risky behaviors Centralized logging and alerting aligned to SOC workflows Define alerting thresholds, priorities, and escalation criteria Validate monitoring coverage for: High risk assets Sensitive data workloads Identity and access activities Support tuning to reduce noise while maintaining risk coverage Deliverables: Cloud Monitoring Architecture and data flows Alerting and detection use case alignment SOC integration and handoff documentation Governance, Risk and Program integration The SME shall: Integrate cloud inventory and security findings into: Cybersecurity risk register Audit and assessment evidence repositories Executive and steering committee reporting Define cloud specific KPIs and KRIs such as: Inventory coverage and accuracy Misconfiguration trends and remediation velocity Monitoring and detection coverage Provide defensible documentation suitable for internal and external review Support tabletop reviews, audits, or risk briefings as required Deliverables: Cloud security metrics and reporting framework Risk register inputs and supporting evidence Audit read documentation package Knowledge transfer and sustainability The SME shall: Develop runbooks, standards, and operating procedures for: Cloud inventory maintenance Secure deployment expectations Monitoring and incident escalation Provide knowledge transfer to: Information security engineering SOC/Incident response Relevant IT and Engineering stakeholders Ensure the cloud security capability is repeatable and scalable beyond the engagement Deliverables: Cloud security runbooks Operating procedures Knowledge transfer sessions and materials Out of Scope (Unless approved) Application-level code remediation Full cloud platform migrations Non-security operational support End user training outside of technical stakeholders Success criteria The engagement will be considered successful when: A complete and accurate cloud asset inventory is established and maintained Defined cloud security baselines are implemented and enforced Continuous monitoring is operational and integrated with infosec monitoring workflows Cloud security risks are measurable, reportable, and defensible at executive level Engagement characteristics Acts in a security engineering SME capacity, not general IT operations Works collaboratively with IT, Engineering, and Incident Response Operates under CNO security governance and approval processes Delivers documentation suitable for audit, regulatory, and leadership review. Equal Opportunity Employer/Veterans/Disabled Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, an EAP program, commuter benefits, and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable. Disclaimer: These benefit offerings do not apply to client-recruited jobs and jobs that are direct hires to a client. To read our Candidate Privacy Information Statement, which explains how we will use your information, please visit https://www.akkodis.com/en/privacy-policy. The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable: · The California Fair Chance Act · Los Angeles City Fair Chance Ordinance · Los Angeles County Fair Chance Ordinance for Employers · San Francisco Fair Chance Ordinance