Director of Cloud Security

Qualys   •  

Foster City, CA

Industry: Business Services


11 - 15 years

Posted 297 days ago

This job is no longer available.

Duties and responsibilities

  • Audit systems for secure configuration -  users, time, central logging, etc
  • Identity management -- Directory service / authentication administration
  • Continuous vulnerability assessment and remediation
  • Lead all the critical compliance and audit requirements with FedRamp, SSAE16 SOC1/2.
  • Work with 3rd party companies on Code assessments, pen testing.
  • System/networksecurity monitoring with Security Information Event Management tools.
  • Active participation in incident response.
  • Maintain documentation of operational processes.
  • Continuously review security bulletins and related news; stay apprised of current threats and trends.
  • Build and manage software patches and upgrades for production environment.
  • Provide data and root cause analysis for each service impacting incident with all possible corrective actions for improvement.
  • Work with multiple teams in analyzing each service outage, measure, maintain and present the service quality metrics to management.
  • Responsible to maintain 24/7 service to customers and reduce MTTR in case of service interruption.
  • If required work with customers to identify and resolve customer issues related to Qualys products and services.
  • Participate in product design discussions and make appropriate recommendations.
  • Responsible for setting up SOC and training SOC team for L1/L2 Security Operations function.

Knowledge, Skills and Abilities required: 

  • 10+ years of experience in systems administration.
  • BS or Engineering in Computer science or electronics or related IT focused.
  • Extensive knowledge of information security principles and practices, understanding of security protocols, principles, standards and defense in depth.
  • Experience with leading customer focused security requirement discussions.
  • Experience with driving securityarchitecture, security controls and procedures documentation.
  • Experience with information security tools for performing vulnerability assessment, intrusion detection, integrity checking, event management
  • Extensive knowledge of Unix/Linux systems including hardware, software and applications.
  • Extensive knowledge of PKI, VPNs; Firewalls, IDS, TLS, Incident Handling
  • Strong grasp of TCP/IP fundamentals, UNIX operating systems
  • Knowledge of VMware and other virtualization products.
  • Knowledge of Apache and Tomcat web servers.
  • Must have exceptional verbal, written, interpersonal and presentation skills.
  • Must be able to work on 24/7 on-callschedule.
  • Must be able to work constructively in team environment.
  • Working experience in SaaS is highly desirable.
  • Working experience in public cloud desirable.
  • Applicant should have a valid passport.
  • Security Certifications a plus.