Cloud Network Security Engineer I

Who We Are

BankUnited (NYSE : BKU) is a national bank headquartered in Miami Lakes, Florida with banking centers in Florida, the New York metropolitan area, Dallas and Atlanta.

BankUnited has two subsidiaries, Pinnacle Public Finance headquartered in Scottsdale, Arizona and Bridge Funding Group headquartered in Hunt Valley, Maryland.

We pride ourselves on our entrepreneurial and collaborative culture encompassing the best minds, the brightest talent and the boldest decision makers.

BankUnited is honored to announce that we have been included on the Newsweek and Statista America's Most Trusted Companies Award List!

BankUnited has been recognized by Newsweek for two outstanding awards in 2023 as one of America's Greatest Workplaces and as one of America's Greatest Workplaces for Job Starters , which acknowledges our commitment to creating an exceptional workplace.

Our Culture

At BankUnited, we foster a diverse and inclusive environment where all employees have the opportunity to advance, grow and achieve their goals.

Our rally cry is to GO FOR MORE™, a call to action to go above and beyond to provide the best customer experience to every client and to GO FOR MORE in your career.

Why BankUnited

Working for BankUnited offers you exciting challenges and opportunities to advance your professional development, while empowering you to deliver and be your best.

We are happy to report the average tenure according to LinkedIn insights is 8.3 years. We strive to provide a competitive benefits plan to our employees and are proud to have been nationally ranked #1 as one of the 2023 Healthiest 100 Workplaces in America by Springbuk and awarded HEALTHIEST EMPLOYER by the South Florida Business Journal since 2020.

As a company, we believe we are only as successful as our people and are committed to providing training and innovative resources that prepare you to reach your full potential.

That's why in addition to tuition reimbursement, we provide our employees with exciting career coaching, courses and training through our own GO FOR MORE™ Academy and mentoring opportunities through our iCARE™ (Inclusive Community of Advocacy, Respect and Equality) program.

At BankUnited, we strive to provide our employees with a work life balance. Specifically, retail branches operate 5 days a week Monday - Friday, excluding evening and / or weekend hours.

For many of our positions, we offer a hybrid work environment, as well as a remote work environment for designated positions.

If you thrive in a fast-paced collaborative work environment, Apply Now and start your journey with BankUnited today!

Job Description

SUMMARY : The Cloud Network Security Engineer is a focused cloud-native security engineering role which will work across the Bank's multi-cloud technology environment.

Domain experience with virtual firewalls, general cloud networking concepts, CASB, IDS / IPS in the cloud, cloud provider native WAF and 3rd party rule sets, DNS Security (e.

g. Akamai), etc. will be required to be successful in this role. This position will work closely with Cloud Architecture, network, and other architecture and engineering teams in helping to baseline and continually improve the Bank's overall cloud security posture.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.

• Perform network security maintenance including updates to firewall rules, WAF rule configuration, IDS / IPS signature updates, etc.
• Management of 3rd party network security service provider to ensure optimization of delivery and partnership engagement
• Creation, updating and ensuring adherence to the Cloud Network Network Security architecture roadmaps
• Conduct research on network and network security products, services, protocols, and standards to remain abreast of developments in the networking industry
• Participate and feed into both network and network security architecture, engineering, and operations teams
• Coordinate with cross functional groups to ensure project timeline and customer service deliverables are met
• Look for opportunities to improve the network security performance and management including coordination with SRE engineers to increase application and supporting network resiliency
• Maintain accurate and current documentation of the cloud network security environment
• Interact with application and other infrastructure personnel to develop and support secure, network aware applications
• Contribute towards the continued development of the Bank's overall business continuity plan
• Help define the Network and Network Security Architecture that will enable our business to thrive
• Leverage IaC best practices to deploy, operate, and scale critical infrastructure
• Develop IaC, build pipelines, and deploy infrastructure following best practices and defined standards
• Collaborate with other teams in the development of a seamless Network and Network Security automation framework
• Work closely with the management team and Agile coaches to transform requirements into tangible deliverables
• Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.

e. Bank Secrecy Act, US PATRIOT Act, etc.).

• Adheres to Bank policies and procedures and completes required training.
• Identifies and reports suspicious activity.

EDUCATION

Bachelor's Degree in Business Administration or related fields or comparable experience in, Computer Information Systems, and / or Engineering with the appropriate emphasis in Cloud and Enterprise networking and security design / administration required.

EXPERIENCE

• Experience with AWS network services such as CloudFront, VPCs and subnets, Direct Connect, Transit Gateway, NACLS Security Groups, WAF, etc required
• Experience with AWS native network security controls eg AWS Firewall Manager, WAF, GuardDuty, etc required
• Experience in AWS network and application load balancing required
• Experience with Terraform for IaC (infrastructure as code) and automated deployment of cloud infrastructure assets required
• Experience with New Relic, AppDynamics, or similar Application Performance Monitoring required
• Experience with SIEM technology (both facilitating the ingestion of network / network security logs and the correlation thereof) required
• Experience with securing Meraki Wireless Technologies preferred
• Experience with multi-cloud networking design preferred
• Experience with AWS multi-region network resiliency design preferred
• Experience with AWS Organizations (or Azure Management Groups / Policy) for global cloud account policy enforcement preferred
• Experience with AWS Route 53 and Azure DNS preferred
• Experience as a network security engineer working in environments, preferably with Palo Alto, Checkpoint, Zscaler, etc preferred
• Experience with VPN and secure remote work enablement tools preferred
• Experience with AWS Certificate Manager or other certificate management solution preferred
• Experience with global WAF and load balancing services such as CloudFlare and Akamai a plus
• Experience with KMS is a plus
• Experience with Okta, Microsoft Entra, and / or IAM policies is a plus
• Experience creating Network and Security Diagrams using Visio and / or Lucid Charts preferred

KNOWLEDGE, SKILLS AND ABILITIES

• Knowledge of security architectures including CASB and SASE
• Knowledge of Checkpoint, Palo Alto, Zscaler, or equivalent firewall and IPS / IDS technologies and the ability to administer required
• Knowledge of Palo Alto virtual firewall technologies and Panorama management required
• Prior knowledge of Cisco core routing and switch equipment (eg Cisco Nexus and Cisco Catalyst Switches) and security best practices preferred
• Familiarity with Routing Protocols with BGP, EIGRP, OSPF, Route Redistribution.

GoForMore