Job responsibilities
- Support the execution and enhancement of a long-term information risk and control strategy designed to keep the information assets of the public cloud secure.
- Lead cloud infrastructure platform security review and threat modelling, including code reviews
- Deliver risk-based assessments of secure technology controls relating to cloud services, cloud platforms and architectural components.
- Support business technology teams to understand firm control requirements and implementations across a broad range of cloud architectures.
- Contribute to documentation and agile processes in support of security programs.
- Interface with wider CTC teams ensuring platform integration with security operations, threat intelligence, IAM and network security.
- Facilitate security requirements clarification for multiple networks to enable multi-level security to satisfy organizational needs
- Work with stakeholders and senior business leaders to recommend business modifications during periods of vulnerability
- Be responsible for triaging based on risk assessments of various threats and managing resources to cover the impact of disruptive events
- Add to team culture of diversity, equity, inclusion, and respect
Required qualifications, capabilities, and skills
- Formal training or certification on security engineering concepts and 5+ years applied experience developing, engineering or architecting within a public cloud environment.
- Skilled in planning, designing, and implementing enterprise-level security solutions
- Experience following agile practices like Test Driven Development (TDD) and Behavior Driven Development (BDD)
- Experience engineering with Terraform or infrastructure-as-code and understanding of DevOps or CI/CD concepts
- Advanced in one or more programming languages
- Advanced knowledge of software application development and technical processes with considerable in-depth knowledge in one or more technical disciplines (e.g., cloud, artificial intelligence, machine learning, mobile, etc.)
- Ability to tackle design and functionality problems independently with little to no oversight
- Practical cloud native experience (e.g., AWS, Azure and/or GCP)
- Eagerness to collaborate in a team, and comfortable in both virtual and office environments
- Self-disciplined, self-managed, self-motivated and strong sense of ownership, urgency, and drive
- Proficient verbal and written communication skills, including the ability to effectively participate in discussions and meetings with internal management, peer groups, regulators and senior stakeholders
Preferred qualifications, capabilities, and skills
- Leadership experience would be advantageous
- Extensive experience with threat modeling, discovery, vulnerability, and penetration testing
- Familiarity with Cloud Security Posture Management (CSPM) products (e.g., Wiz, Prisma Cloud, CloudGuard, Orca Security, CrowdStrike Falcon Cloud Security, MS Defender…)
- Accreditation/Certifications:
  - AWS Certified Practitioner/Cloud Engineer/Software Development Engineer/Cloud Security Engineer/Cloud Security Architect/Application Architect
  - Google Certified Professional Cloud Security Engineer and/or Microsoft Certified: Azure Security Engineer Associate
  - CISSP