Partner with cloud platform engineers on secur ing cloud design patterns and c reate prototypes to demonstrate that a proposed solution would work
Drive remediation of high-risk, high-impact vulnerabilities across infrastructure and applications
Promote DevSecOps principles and i mplement security as code using Terraform and CI/CD pipelines and enforce via policies
Develop and execute security controls, defenses, and countermeasures to intercept and prevent internal or external attacks against cloud infrastructure
Provide thought leadership for cloud security and infrastructure automation, tool optimization, vulnerability management, and strategies for risk reduction
D esign, develop, and deploy security automation for application and infrastructure security
Participate in architecture reviews for upcoming projects , representing the security team
What you ll bring
8 + y ears of relevant work experience
Significant technical experience in cloud computing platforms and automation
Deep u nderstanding of security automation within DevOps and CI/CD processes including vulnerability identification and management
Experience working with container technologies including Docker and Kubernetes
Experience with automated provisioning scripts such as CloudFormation, Terraform or Ansible
Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
Comfortable working with existing scripts and code , open-source tools, and APIs to drive improvement and efficiency in scripting languages such as Python, Go, or PowerShell
Creative, resourceful , and adaptive problem solving
Excellent written and oral communication skills and ability to work with people at every level
Ability to work independently and with various other teams across the organization
Ability to connect tactical activities to longer-term outcomes
Stand O ut Qualifications
Experience as an application security engineer as the fields of AppSec and CloudSec continue to merge
Experience working in AWS with features such as Guard D uty, Athena, Security Hub, SCPs, CloudTrail, ECS, EC2 , SSM, IAM , WAF , and Shield