You will work closely with all our internal development teams to ensure we build in security from day one and follow best practices.Ideally you will have a solid development backgroundand have progressed to be a Cloud security expert.
You willwork closely with developers to build and deliver secure software using DevOps and cloud services, specifically Amazon Web Services (AWS). You will be responsible for leveragingprinciples, practices and toolsin DevOps and AWS to improve the reliability, integrity and security of applications.
Your ability to keep up to date on allcloud architecture and security design, both for building new architectures and for adapting tried-and-true security tools and processes to the cloud is key.
You will be an ideal candidate if:
- Have significant experience performing security design review of distributed systems and APIs.
- Served as a cloud security SME for high visibility cloud initiatives.
- Created security reference architecture for multi-tenant cloud initiatives.
- Haveknowledge of cloud computing (preferablyAWS) operations and how to secure them.
- Have an ability to translate compliance and security requirements into product requirements.
- Have an ability to work withengineersto identify thetradeoffsof different solutionsand recommendtheidealdesignto meet security requirements.
- Have experience in secure development especially in large, complex system environments.
- Deep knowledge of cloud operational models andsecure SaaS architecturein a world ofcontainerized microservices.
- Subject matter expertisein multiple domains, including cloud security, web security, mobile security,AuthN/Authzprotocols (SAML, JWT, OAuth, OpenID, Ping, Okta, etc.) and infrastructure security (Chef/Puppet).
- Experience in applying securitytocloud technologies(Managing secrets, Securing CD pipeline, Secure Infrastructure as Code, Container Security)
- Knowledge of primary AWS services (EC2, ELB, RDS, Route53, S3, Lambda) and IAM implementation
- Expertise in cloud architecture and security fundamentals including containers, software-defined networks, high availability design, multicloud, and serverless compute.
- Hands on experience in driving end to end security for cloud product - SAST, DAST, IAST, OSS scanning, pen testing.
- Expert inthreat modeling andsecure architecture review.
- 10+ years total experience and 4+ years in Cloud Security
- Presenting security risks to wide audience including senior management
- Experience designingand buildingsecurity servicesin a SecDevOps cloud operations model.
- Experience with Docker and Kubernetes.
- Knowledge of compliance requirements for industry standard certifications likelike PCI DSS, SOC2, HIPAA, FedRAMP