Sr. Azure Cloud Security Risk Specialist - ITmPowered
The Azure Cloud Security Risk Specialist will have 1 to 2 years' experience in Microsoft Azure and Container Security. The specialist will be responsible for establishing, designing, and running the cloud risk governance processes that drive remediation of container vulnerabilities reported by Twistlock and of Microsoft Azure Policy violations.
- The resource will have frequent meetings with the key stakeholders, Container Security, Application Security and Cloud Security teams to review requirements to map and design process workflows from identification of security risk to remediation to Risk Management.
- Conduct check-in meetings with the Application project team and Cloud Platform team to ensure the security vulnerabilities are being remediated. Focus on remediation activities and support/guide development teams as needed with remediation recommendations/solutions and setting up processes for risk reduction.
- Ensure all the security vulnerabilities identified by Twistlock and Microsoft Azure Policy violations are captured, reviewed, and responded to in accordance with TRO-defined Service Level Objectives (SLO). Establish a baseline for SLO and risk management activities for Azure Policy violations and Twistlock vulnerabilities.
- Analyze the Twistlock and Azure policy violation outputs to define business requirements for JIRA/another tool integration.
- Ensure the vulnerabilities are registered and monitored in TRO JIRA or another tool for tracking and for providing leadership visibility through portfolio reporting on outstanding risk associated with vulnerabilities and remediation response performance.
- Define requirements for dashboard development for portfolio reporting. Analyze data for risk reporting and trend analysis to ensure timely mitigation.
- Educate and collaborate with owners/stakeholders to prioritize very high and high security risks for remediation. This includes providing a methodology for prioritization of vulnerabilities for remediation, providing recommendations on how to remediate security risks, facilitating any other risk reduction/management processes, and reporting performance to meet remediation Service Level Objectives (SLOs).
- Bachelor's degree in Computer Science, Mathematics, Statistics, or equivalent work experience.
- Azure Security - 1 to 2 years' experience in Azure Cloud Security, Compliance, Governance - Azure Policies.
- Familiarity with Azure Policies, pipelines, gates, Azure Policy for Kubernetes tracking compliance status, minimizing drift, Azure data encryption, evaluation triggers.
- Solid background in Information Security Risk Management and Compliance.
- Great to have information security certifications (CISSP, CISA, CISM...) and Microsoft Azure certifications.
- Remote Work in Denver, Atlanta, San Francisco Bay Area (candidate must be in those locations / no relocation provided).
- COVID-19 Vaccine Required - Must be fully vaccinated OR provide valid medical or religious exemption.
- Must be able to successfully pass a 12-panel drug screen, 10-year background check, employment verification.
- You will need to be a current or valid holder. No need for visa now or in future.
- W2 only - No sub vendors. Sponsorship NOT available.
- Must have direct contact information on resume (phone / email) to be considered.