Our partner organization is seeking an experienced security professional to join the Product Security Support Team-PSST, and the larger Solution Architecture group reporting into the Office of the CTO.
To be successful in this role the candidate must have hands-on experience and a proven record securing Azure, GCP, AWS, Hosted Cloud Solutions, embrace continual learning, be willing to mentor and share ones’ security knowledge with PSST/Solutions Architecture team members, work on multiple projects simultaneously, effectively engage and consult with a diverse group of internal (e.g. Dev, Test, OPS, IT/Corporate Security, Professional Services, Product Management, Sales, etc.) and external (e.g. Customers, Business Partners, 3rd-party SaaS/OEM/Resellers, External Security Researchers, etc.) stakeholders, and establish oneself as a recognized thought leader among consulting engineers within the organization’s community.
ABOUT THE RESPONSIBILITIES
· Complement existing PSST Security Consulting, Hardening and Penetration Test capabilities involving Azure, GCP, or AWS Cloud-based
o Security Automation & DevSecOps/Green Team – Recommendation and integration of cloud-native/SaaS security services, security automation: deploy best-in-class S&T-required security tools and CI/CD protection mechanisms.
o Offensive Security/Red Team – Ethical hacking/penetration testing and proof of concept exploits against Cloud Offers (Azure, GCP, AWS and Data Center-hosted; Staging and Production environments), ensuring the security posture of Cloud Offers, and providing evidence in support of compliance/AOC engagements (e.g. PCI DSS, HIPAA, HITRUST, FedRAMP, etc.)
o Defensive Security/Blue Team – Security consulting targeted towards defending against cybersecurity attacks of Cloud Offers (e.g. Development, Test, Staging, and Production environments). The role includes consulting coverage for infrastructure protection, security-related forensics, incident response, damage control, and operational security.
o Security Governance/White Team – Support PSST efforts in authoring Product and Cloud Security Engineering Criteria, assessing Offer team compliance, and providing associated Security vote at Portfolio Management Team reviews.
· Internally focused Security Consulting:
o organization-internal-only consulting with respective Offer teams during the Product/Solution/Cloud Offer development process.
o Active membership in the organization’s Security Council, Cybersecurity VT, and Incident Response Team
· Vulnerability Threat Management (VTM):
o Oversight of VTM policies, system/database, interact with product teams towards tracking/resolving product vulnerabilities, and creation of Security Advisories
o Serve as a member of CVE Numbering Authority-CNA and manage the security alerts mailbox which serves as a primary point of contact for External Security Researchers. Interface with product teams, Legal, PR/Communications, upper management, etc. as required.
· Security-related Customer Support:
o Consult with product teams in support of Development/Tier 4-owned security escalations/tickets.
o Serve as Security Consultant / Subject Matter Expert in partnering with Pre-Sales/Sales, Professional Services, and associated Delivery teams across the organization to address customer Security concerns.
ABOUT THE REQUIREMENTS
· Hands-on experience and a proven record of securing Azure, GCP, AWS Hosted Cloud Solutions
· Cloud Offer penetration test, security consulting, assessment, hardening, compliance, and operational security support
· Experience collaborating with auditors on compliance engagements e.g. PCI DSS, HIPAA, HITRUST, FedRAMP Attestation of Compliance-AOCs
SKILLS & COMPETENCIES
· IaaS/PaaS/SaaS experience securing Azure, GCP, AWS-based Cloud Solutions
· Proven expertise in security penetration testing and associated open-source and commercial security tools (e.g. Qualys, Automated and Manual Web App scanners and proxies, API/protocol fuzzers, container and database scanners, Metasploit, Cloud-native security tools, etc.)
· Ability to create customized scripts (e.g. via Python, Perl, Ruby) and Proof of Concept exploits and/or verify the same reported by external security researchers
· High-tech product software/firmware support experience. In-depth problem-solving skills with demonstrated ability to isolate problems to specific software/firmware components
· Demonstrated teamwork experience and desire to work in fast-paced security consulting role.
· Excellent oral and written communication skills are needed to provide detailed technical analysis tailored to internal as well as external customers.
· Full time, globally dispersed team can require early morning (MST) calls, little to no travel required.
· U.S. Citizenship or permanent resident card
· B.S. degree in Computer Science, Computer Networking, or related discipline
· M.S. degree or equivalent experience is desirable.
· Relevant certifications are desirable (e.g. AZ-900, AZ-500, Google Professional Cloud Security Engineer / Architect, GIAC GWAPT, GCIH, GCSA, CISSP, CISA, CEH, OSCP, etc.)
· U.S. Security clearance is desirable