Spearhead the evaluation, selection, deployment and support of tools and workflows to optimize our application security, vulnerability management, cloud security, and threat management programs.
Conduct thorough assessments of existing security infrastructure and processes to identify areas for improvement.
Develop and implement strategies to proactively identify and address security vulnerabilities and threats.
Work closely with different teams to weave security into how we build and run our systems and applications.
Lead rigorous testing and analysis initiatives to identify and neutralize potential risks and vulnerabilities, safeguarding our platforms against existing and emerging threats.
Stay up to date on tools and processes as well as emerging security threats so as to continuously improve our security posture.
Provide expert guidance and support to Engineering and other teams on security best practices and standards.
Lead comprehensive security reviews and audits of applications, systems, and infrastructure to ensure compliance with security policies and best practices.
Participate in incident response activities and assist in the resolution of security incidents as needed.
Required Skills:
Bachelor’s degree in information security or equivalent education and/or experience.
Advanced Degree in Cyber/Information Security or related fields is a plus.
7+ years of relevant experience or commensurate skills in areas such as Cloud Security, Threat and Vulnerability Management, DevSecOps, Product/Application Security, or Platform Engineering.
Advanced skills in programming, scripting, and other languages (e.g., Terraform, Python, Java, YAML, CloudFormation).
Exceptional proficiency in security principles, standards, and best practices.
Extensive hands-on experience in evaluating, testing, deploying and using security tools and technologies related to one or more of application security, vulnerability management, cloud security, and threat management.
Demonstrated deep experience with cloud security services and features offered by major cloud providers, with hands-on experience integrating security controls and configurations using Infrastructure-as-Code in cloud environments.
Experience deploying services using standard CI/CD tools.
Proven ability to manage multiple priorities in a fast-paced environment, delivering security solutions tailored to the requirements of cloud-native applications and workloads.
Pluses:
Two or more industry-standard security certifications; with at least one specifically focused on securing resources in public cloud such as CISSP, CISM, AWS Security Specialty, or any advanced GIAC SANS certificate.
Additionally, helpful non-Security certs would be AWS Solutions Architect Associate/Professional.
Extensive experience with Cloud-specific security tools such as CNAPP, CSPM, CIEM and CWPP.