This role is within the CTC Product Security team aligned to the Cloud Services Enablement spanning across multiple public cloud providers. Your responsibility will be to ensure that Public Cloud is adopted in a secure and compliant manner. You will play an important role in identifying and managing risk related issues and actions with respective technology. You will have an eye for detail and an ability to see the big picture across security issues.
Job responsibilities
- Executes security solutions design, development, and technical troubleshooting with the ability to apply knowledge of existing security solutions to satisfy security requirements for internal clients (e.g., product, platform, application owners)
- Creates secure and high-quality production code and maintains algorithms that run synchronously with appropriate systems.
- Applies specialized tools (e.g., vulnerability scanner) to analyze and correlate incident data to identify, interpret, and summarize the probability and impact of threats when determining specific vulnerabilities.
- Leads delivery of continuity-related awareness, training, educational activities, and exercises
- Adds to team culture of diversity, equity, inclusion, and respect.
- Deliver risk-based assessments of secure technology controls relating to cloud services, cloud platforms and architectural components.
- Perform security reviews of infrastructure-as-code for cloud platform enhancements.
- Support business technology teams to understand control requirements and associated scope dependent on cloud architecture.
- Interface with wider CTC teams ensuring platform integration with security operations, threat intelligence, IAM and network security.
Required qualifications, capabilities, and skills.
- Formal training or certification on security engineering concepts and 3+ years applied experience.
- Experience developing security engineering solutions.
- Proficient in coding in one of more languages
- Overall knowledge of the Software Development Life Cycle
- Solid understanding of agile methodologies such as CI/CD, application resiliency, and security
- Working knowledge of information and network security, IT risk management, and architectural concepts and patterns
- Proficient in specialized tools (e.g., vulnerability scanner) used to analyze incident data.
Preferred qualifications, capabilities, and skills
- A keen desire to learn how new technologies operate and how to secure them.
- Work independently, collaborate within a team, comfortable in a virtual environment, self-disciplined, self-managed, self-motivated, and strong sense of ownership, urgency, and drive.
- Proficient verbal and written communication skills, including the ability to effectively participate in discussions and meetings with internal management, external / internal audit, peer groups, regulators, and senior stakeholders.
- Ability to interact within a cross Line of Business technology organization, empower people, build rapport, garnering respect.
- Willingness to understand technology processes such as resiliency, disaster recovery management, performance and capacity management required specific to the public cloud.
- Certifications in AWS, Azure, Google, security certifications, CCSP, CISA, CISSP, CISM or other information security certifications would be a significant advantage.
- Hands on experience of developing and/or architecting within a Public Cloud environment would be a significant advantage.