- Degree in computer science, engineering or related discipline or military experience; industry recognized cloud certifications, patents, open source contributions are preferred
- 15+ years of experience in engineering
- 5-7 years of experience in cloud security with at least one of the hyperscalers (preferably AWS or Azure)
- Deep security track record in modern tech stacks, industry trends and best practices frameworks and programming languages
- Experience building enterprise-grade systems that are highly scalable, performant, reliable and secure in global regulated environments
- Demonstrated experience and an eye towards finding suspicious activities (threat modeling, etc.)
- Expert level experience in identification of layered security and compliance controls (directive, detective, preventative and corrective) and their applicability to a variety of cloud services guided by business strategy
- Proven track record as a key contributor to multi-account/inter-region multi-cloud solutions with focus on strong governance compliance and security best practices including the design, translation, and implementation of security controls mapped to industry standards and regulatory frameworks (e.g. NIST 800-53, AWS Foundational, CIS, PCI DSS, SOC2, HiTrust, etc.)
- Deep expertise in assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development, application security, OWASP), data protection, cryptography, key management, identity and access management (IAM, OAuth, OpenID, Okta, etc), network security (NGFW, WAF, IDPS) within SaaS, IaaS, PaaS and other cloud environments.
- Proficient in securing cloud-native and containerized (K8s) environments; experience with CI/CD tooling and automation of development orchestration, configuration management (GitHub, Sonar, GitVersion, Docker, Jenkins, Puppet, Chef, CodeStar, etc.) preferred; experience and ability to express the desired state via declarative IaC tools such as CloudFormation or Terraform
- Experience with secure API management, Microservices, Event-driven, Serverless and immutable architectures including complex interdependencies and integrations
- Experience in securing operations such as deploying, running, monitoring, and maintaining software and services, large multi-cloud deployments (incl. distributed systems and container security, etc.), and creating and triaging alerts around the health and security of systems
- Outstanding analytical thinker with strong abstract problem-solving skills in a fast-paced environment
- Collaborative; ability to build strong relationships that enable robust debate, decision making and survive periodic disagreements regarding priorities
- Excellent communication skills including the ability to communicate to internal Risk and Security (technical and non-technical audience); willingness to transfer knowledge to engineering team
WHO YOU'LL WORK WITH
You’ll work in our Waltham, Atlanta or New York office as part of McKinsey’s global Technology & Digital leadership team. You will work with teams in our global technology hubs that are located across the US, Prague and Gurgaon.
At McKinsey we are constantly evolving with the rapid pace of technology and helping our clients win with game-changing strategies, solutions and products. We are taking a cloud-first approach to our internal technology transformation at the firm and seeking a distinguished engineer to shape and accelerate the delivery of core capabilities. We are on a quest to find a passionate technical leader who loves to ‘code & lead’ and to build great products in a high-energy agile environment.
WHAT YOU'LL DO
You will lead the design and development of the multi-cloud security architectures for protecting systems and data deployed in a wide range of public and hybrid cloud systems.
In this role, you will play a highly visible and influential role across the security community and help drive the adoption of the modern technology stacks in collaboration with groups and chapters across Technology & Digital as well as the broader firm and external strategic partners. You will directly contribute to the overall global enterprise cloud architecture and lead the security vision and strategy around cloud-based applications across all archetypes (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). You will act as the ambassador and senior technical representative for security while engaging with other senior technical leaders throughout McKinsey (including the CTO, CIO, CISO and other distinguished engineers) in design and implementation of security frameworks, reusable component and cloud and cloud/hybrid based implementations and solutions.
You will lead the experimentation with emerging security technologies and tools in the cloud and data & analytics space as well as co-innovate with strategic partners to help drive game-changing solutions and client offerings. You will work and develop standards in partnerships with engineering, managed infrastructure services and application development organizations to choose appropriate technology solutions to facilitate complete integration into the company environments.
You will also be a key expert, role model and mentor within the One-Firm security organization to devise and build secure-by-design cloud ecosystem, ensuring compliance with privacy, regulatory and data residency requirements.
High Tech Infrastructure