**This position has the option to be onsite in San Diego or remote.**
IT Department is seeking a Senior Staff Cloud Security Engineer to serve as a security architect and technical lead of cloud and DevOps technology security. The position will work across the Information Security (Infosec) and DevSecOps (DSO) teams to secure the IT department’s rapidly growing DevOps infrastructure and microservices (Kafka) application stack. The position will represent Infosec in the Architecture Review Board (ARB) and help to mature security function and capability within the SDLC. The Sr. Staff Cloud Engineer will also design and deploy security controls, tools, and infrastructure to secure the cloud and application environments. The position offers opportunity for career development as the Information Security program continues to expand globally.
Essential Duties and Responsibilities:
- Design and implement security architecture for public cloud platform (Google Cloud Platform/Azure).
- Develop and deploy security Policy as Code using TFC and Sentinel.
- Integrate security checks into CI/CD pipelines such as Jenkins and Cloud Build.
- Deploy and integrate security into DNS, certificate, and secrets management systems.
- Perform security assessments on new cloud/devops vendors, systems or tools.
- Conduct security reviews of web applications, integrations, and/or APIs.
- Design and manage security monitoring and threat detection systems for cloud environments.
- Integrate cloud/DevOps security tools into the SIEM (Splunk) and develop correlations.
- Help establish appsec capabilities and integrate SAST/DAST tools into the build pipeline.
- Support cloud compliance/certification activities and participate in security audits/reviews.
- Provide consulting and influence other teams to mature cloud/DevOps security.
- Serve as a security expert and provide technical leadership to other staff members.
- Typically requires a Bachelor’s degree in a technical discipline, and a minimum of 13+ years related experience or a Master’s degree and 8+ years equivalent industry experience of a PhD and 5+ years of experience.
- 4+ years in a senior security engineer or higher role.
- Strong understanding of security controls/services in public cloud environments (Google Cloud Platform/Azure).
- Strong understanding of cloud and Kubernetes networking and network security.
- Experience in technologies such as Terraform/TFC, Gitlab or Github, Sentinel, Vault, Jenkins, Cloud Build, Twistlock, Apigee, Google Cloud Platform, Azure, encryption technologies, IAM, K8s, and containers.
- Ability to work within an Agile/Scrum framework and to manage work in Jira.
- Proficient in automation and scripting in a programming language such as Python or Go.
- Experience with Linux administration, shell scripting, containers, and open source security tools.
- Application security experience – SAST, DAST, code reviews, API security, OAuth, etc.
- Demonstrated success in influencing peers/partners without direct authority.
- Proficiency in communicating technical concepts both verbally and in written documentation.
Functional Description: Technical Individual Contributors
Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
- Possesses expert knowledge of leading technical areas.
- May be externally recognized as an expert in technical field.
- High level of understanding of solving unique problems where analysis requires an in?depth evaluation and may impact future concepts or technologies.
- Exercises independent judgment in developing methods, techniques and evaluation criteria for obtaining results.