Cloud One Security Engineer at Trend Micro in Ottawa, ON

The Cloud One Security Engineer is a pivotal member of the product team, driving continuous improvement on the security of Cloud One products and services. You will work directly with developers, quality engineers, operations, product managers, vulnerability researchers, support, IT and many other teams within Trend Micro to directly improve product security and compliance. Your comprehensive security background will ensure all bases are covered and constantly being leveled up across the entire team.

We are looking for someone who:

• Has a broad understanding of software security practices and benefits
• Has a broad understanding of software security certifications, their practicality and benefits (i.e. PCI-DSS, SOC, ISO)
• Has incredible communication and influence building skills, welcomes scrutiny to constantly improve, and will keep all aspects of security program business transparent
• Can leverage their experience to choose and drive the most impactful training programs for developers
• Is well versed in Cloud Security (AWS, Azure, GCP etc.) and can articulate/move forward best practices
• Has a solid understanding of software design, programming concepts and best practices with a focus on security “in the flow”.
• Has proven work experience with threat modeling, penetration testing, and vulnerability assessments
• Has good understanding of available tools and integration points of security within development pipelines
• Has proven experience in vulnerability management and response
• Has a fantastic architectural knowledge of security, and can provide insight and direction early in the design stage of components
• Has a passion for automation and fanatical desire to choose best fit tools that reduce cost and improve security long term
• Capable of hand-on coding of small improvements on security training and controls
• Has a passion for automation and fanatical desire to choose best fit tools that reduce cost and improve security long term
• Computer Science, Engineering degree or equivalent experience

You'll be working on things such as:

• Coordinating security and compliance projects with worldwide development, operations and security teams
• Defining and evolving our portfolio of product security certifications as dictated by business needs
• Communicate Cloud One security practices to customers, product management and field teams
• Performing security audits of software and solutions
• Assisting with Threat Modeling and security design of new product features
• Working with worldwide build and automation teams to develop strategies to improve the accuracy and coverage of security automation
• Assisting worldwide operations and SRE teams in designing runtime security controls and monitoring
• Responding to vulnerabilities, providing fix recommendations and measuring security risk
• Ensuring secure coding training is delivered and is effective to the highest standard
• Measuring your progress through KPIs in all the different areas of a security program, and building tools and processes that will scale the program with the size of the team
• Providing security advice to developers and product management teams
• Establishing tools, practices and processes critical to managing SaaS offerings across multiple data centers globally

Qualifications:

• 2 years minimum in an enterprise development or application security role
• Excellent understanding of software security best practices.
• Skilled with software and network security testing tools
• Excellent communication and interpersonal skills
• Strong familiarity with Git, CI/CD pipelines and Infrastructure as Code
• Proficient with AWS services and APIs
• Post-secondary computer science, information technology or information security related education