Job Description:
Job Description:
Key Responsibilities:
- Threat Modeling & Risk Assessment: Conduct threat modeling and risk assessments to identify potential vulnerabilities in cloud environments and develop strategies to mitigate these risks.
- Design & Implementation: Develop and integrate security controls as code across multiple cloud platforms (e.g., AWS, Azure, GCP) to ensure the security and compliance of cloud infrastructure.
- Build Controls: Automate security processes and controls, leveraging Infrastructure as Code (IaC) tools (e.g., Terraform) to embed security at every stage of the cloud lifecycle.
- Delivery Controls: Create rules scanning of Infrastructure as Code at deployment to prevent non-Compliant code from creating Cloud Resources.
- Runtime Controls: Automate the detection and remediation of Non-Compliant Cloud Resources moving them back to a known good state without the need for human interaction.
- Compliance & Governance: Demonstrate that our cloud environments comply with internal control requirements and regulatory obligations, with robust reporting and dashboards.
- Advocacy: Communicate the possibilities the Cloud Provides for Cybersecurity vision and roadmap to stakeholders and the team and drive user adoption.
- Collaboration: Work closely with DevOps, engineering, and IT teams to integrate security best practices into CI/CD pipelines, ensuring secure and efficient deployment processes.
- Documentation: Maintain comprehensive documentation of security controls, policies, and procedures for cloud environments.
Required Experience & Qualifications:
- Experience: Significant experience in cybersecurity across multiple domains, with a strong focus on cloud security and integrating controls as code.
- Technical Expertise: Deep knowledge of cloud platforms (AWS, Azure, GCP) and significant experience building and operating cloud-native security tools and services.
- Programming & Scripting: Proficiency in programming and scripting languages (e.g., Python, Go, Shell) used for automation and security integration.
- Infrastructure as Code (IaC): Significant Hands-on experience building Cloud Services with IaC tools such as Terraform, CloudFormation, or similar.
- Security Frameworks: Familiarity with security frameworks and standards (e.g., NIST, CIS, ISO) and their application in cloud environments.
- DevSecOps: Strong understanding of DevSecOps principles and experience integrating security into CI/CD pipelines and operational processes.
- Problem-Solving: Excellent problem-solving skills, with the ability to think critically and adapt to new challenges and communicate insights in simple terms.
- Communication: Strong written and verbal communication skills, with the ability influence at all levels by explain complex security concepts to non-technical stakeholders.
- Certifications: Relevant certifications such as CISSP, CCSP, AWS Solutions Architect; AWS Security Specialty AWS Certified Security; Azure Developer Associate & Azure Security Engineer Associate
Skills:
- Planful: Thoughtfully setting, proactively managing, and predictably achieving commitments through strategy, process, communication, and delivery.
- Ownership: Acceptance of full responsibility for delivery outcome – “buck stops here” mentality. And collaboratively addressing problems as they arise.
- Connected: Clear orientation and understanding of where you, your team, your work/priorities join with others in a common goal.
- Consistency: Drive toward and adoption of logical, efficient, and sustainable processes and tools to achieve predictable results.
- Accuracy: Achieving business value (as agreed with key stakeholders and control partners) within defined tolerance across measurable parameters (scope, schedule, cost).
1st shift (United States of America)