*Please Note: The successful applicant will own and perform work in FedRAMP or IL-5 type environments and therefore must be a U.S. Person (i.e. U.S. citizen, U.S. national, lawful permanent resident, asylee, or refugee).
What You’ll Do:
- Implement security programs for industry standards such as ISO 27001, SOC 2, ISO 27017, PCI DSS, CIS, and NIST Frameworks.
- Strategize and drive security initiatives to ensure that cloud offers align with corporate policies, standards, and industry guidelines.
- Architect and implement cloud native security controls across domains such as IAM, secure CI/CD pipeline, Incident Management, Vulnerability Management, and Cryptography.
- Strategize, design and architect security solutions for cloud infrastructure.
- Write detailed security solution specifications, security control narratives, test steps, logical diagrams, and reports.
- Continuously monitor the effectiveness of security controls through comprehensive assessments across domains such as IAM, secure CI/CD pipeline, Incident Management, Vulnerability Management, and Cryptography.
- Identify process improvements and efficiencies in existing processes to build robust processes and drive implementation of controls.
- Continuously monitor the effectiveness of security through various comprehensive assessments.
- Collaborate with the controls automation team to evolve the automation footprint of security controls.
- Perform RCA by engaging with relevant engineering teams and track the remediation of deviations.
Minimum Qualifications:
- Must have Bachelor's + 3 years of proven experience or Master's + 1 year of demonstrated experience in Information Security, Information Technology, or Compliance Engineering.
- Proven experience implementing security programs in public cloud environments such as AWS, Azure, or GCP.
- In-depth understanding of technology compliance frameworks such as ISO 27001, SOC 2, ISO 27017, PCI DSS, CIS, NIST Frameworks, and OWASP App Security Testing Guidelines.
Preferred Qualifications:
- Ability to research and implement security solutions involving various technologies across public cloud environments.
- In-depth understanding of domains such as IAM, secure CI/CD pipeline, Incident Management, Vulnerability Management, and Cryptography.
- Excellent problem-solving and critical thinking skills.
- Capable of collaborating with cross-functional technical and business teams and varying levels of management.
- Excellent communication and reporting skills with the ability to present to business and engineering teams with clarity.
We tackle whatever challenges come our way. We have each other’s backs, we recognize our accomplishments, and we grow together. We celebrate and support one another – from big and small things in life to big career moments. And giving back is in our DNA (we get 10 days off each year to do just that).