Senior Cloud and Software Development Security Engineer

Department

WDTech - Information Security

We are Walker & Dunlop. We are one of the largest providers of capital to the commercial real estate industry, enabling real estate owners and operators to bring their visions of communities — where people live, work, shop, and play — to life. We are committed to creating meaningful social, environmental, and economic change in our communities.

WDTech is W&D’s in-house technology team – a group of collaborative and highly skilled technology professionals, all of whom are leading experts in real estate data, data science, and technology.

WDTech Information Security protects W&D s information assets by way of a comprehensive policy framework that oversees and operates cybersecurity countermeasures and technology risk controls.

As a Senior Cloud and Software Development Security Engineer, you will play a critical role in securing the company’s cloud and application environments, including AWS, Azure, Kubernetes, and CI/CD pipelines. You will design and implement security architectures, embed “security as code” practices, and guide developers on secure design patterns. Acting as an escalation point for complex security events, you will mentor teammates, advance security program maturity, and stay ahead of emerging threats.

Your work will directly protect company assets, ensure compliance, and foster a culture of security by design.

• Lead and manage security projects.
• Assess, design, and document security solutions and processes for Amazon Web Services (AWS) and Azure.
• Direct tasks and develop milestones for Information Security projects in support of Information Security goals in line with the Company s direction.
• Work with software developers on secure best practices in Infrastructure as Code, cloud design patterns and CI/CD with built-in application security controls.
• Work with key areas of business and IT to develop baseline network, cloud, container, and application security standards and integrate into the CI/CD pipeline.
• Implement and automate “security as code” using cloud services and CI/CD components as necessary.
• Design security architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Develop, review, and update a library of technical documentation.
• Develop metrics and provide regular reports to senior management.
• Set requirements and direct managed security service providers (MSSPs) to ensure that they are appropriately managing the services to provide security to the company.
• Perform regular security audits and automated compliance checks on AWS and Azure resources.
• Collaborate with SRE and development teams to ensure secure coding, build, and deployment practices.
• Work closely with Dev Ops, SREs, and developers to champion a "security by design" culture.
• Participate in security audits and formulate a plan of action and milestones to mitigate vulnerabilities.
• Establish security baselines using best practices such as CIS benchmarks. Work with other teams to test and implement security baselines into cloud environments.
• Maintain thorough understanding of new developments and techniques in cybersecurity, privacy, and compliance.
• Represent Information Security in disaster recovery procedures and exercises.
• In the event of an outage, assist with the execution of corporate disaster recovery plan.
• Log and update all security incidents in the company’s ticketing system and update management regularly on the threats, mitigation plans, and status.
• Work within established configuration and change management policies to ensure awareness, approval, and success of changes introduced to the network and cloud infrastructure.
• Establish processes to perform regular reviews of security configurations of cloud and software development environments.
• Develop vulnerability management processes and manage the process to remediate the vulnerabilities. Establish a process to escalate when vulnerabilities cannot be remediated in a timely manner.
• Review security notifications from the company’s vendors to determine which vulnerabilities would cause an impact.
• Assist in developing and…