Senior Cloud Security Engineer

About The Position

Requirements

• B.A. or B.S. (or higher level degree) in Computer Science or a similar engineering program with strong academic performance preferred.
• 5-8 years of information security experience.
• CISSP, CISA, CEH, OSCP or other information security certification.
• Perform security reviews of application designs, source code and deployments.
• Must have knowledge and stay up to date on the latest security advisories, alerts and vulnerabilities.
• Strong verbal and written communication skills for a highly collaborative environment.
• Rigorous attention to detail and focus on quality of deliverables.
• Familiar with AWS services like EC2 & ECS, WAF & VPC configuration & IAM rules.
• Familiarity with something like Terraform/CloudFormation.
• Comfortable with Python and able to read Java when necessary.
• Proven team experience and comfort in a team-oriented environment.
• Passion for working with technology and excitement for creating high quality consumer technology product.

Responsibilities

• Determine, monitor and maintain our security posture, in collaboration with Engineering.
• Perform security audits.
• Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients.
• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Oversee and manage the deployment, integration and configuration of security solutions and of any enhancements to existing security solutions and the enterprise's security documents.
• Develop and maintain threat models for cloud environments and train engineering teams to develop attacker/risk driven design skills.
• Provide deep expertise to engineering teams on SDLC practices including secure design, secure development, secure testing, security runtime for software and firmware development.
• Actively partner with infrastructure, application and other stakeholders to ensure deployed solutions minimize security and privacy risks.
• Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks.
• Maintain Incident Response Program.
• Recommend actions/practices to management in order to ensure compliance with security and regulatory requirements in decision-making processes.
• Suggest actions in order to mitigate risk in any activity that potentially impacts security of existing IT and information management.
• Craft responses to client and partner security questionnaires.
• Other duties as assigned.

Benefits

• Competitive pay and benefits inclusive of subsidized medical plan options.
• HSA with generous company contribution.
• 401(k) with employer match.
• Paid holidays, wellness time, and vacation increasing with tenure.
• Paid maternity and bonding leave.
• Company-paid disability and life insurance.
• FSAs, well-being resources and activities.
• Casual dress work environment.