X

Senior Security Consultant

Our partner organization is seeking an experienced security professional to join the Product Security Support Team-PSST, and the larger Solution Architecture group reporting into the Office of the CTO.

To be successful in this role the candidate must have hands-on experience and a proven record securing Azure, GCP, AWS, Hosted Cloud Solutions, embrace continual learning, be willing to mentor and share ones’ security knowledge with PSST/Solutions Architecture team members, work on multiple projects simultaneously, effectively engage and consult with a diverse group of internal (e.g. Dev, Test, OPS, IT/Corporate Security, Professional Services, Product Management, Sales, etc.) and external (e.g. Customers, Business Partners, 3rd-party SaaS/OEM/Resellers, External Security Researchers, etc.) stakeholders, and establish oneself as a recognized thought leader among consulting engineers within the organization’s community.

ABOUT THE RESPONSIBILITIES

Primary Skillset/Role:

·       Complement existing PSST Security Consulting, Hardening and Penetration Test capabilities involving Azure, GCP, or AWS Cloud-based

Offers:

o  Security Automation & DevSecOps/Green Team – Recommendation and integration of cloud-native/SaaS security services, security automation: deploy best-in-class S&T-required security tools and CI/CD protection mechanisms.

o  Offensive Security/Red Team – Ethical hacking/penetration testing and proof of concept exploits against Cloud Offers (Azure, GCP, AWS and Data Center-hosted; Staging and Production environments), ensuring the security posture of Cloud Offers, and providing evidence in support of compliance/AOC engagements (e.g. PCI DSS, HIPAA, HITRUST, FedRAMP, etc.)

o  Defensive Security/Blue Team – Security consulting targeted towards defending against cybersecurity attacks of Cloud Offers (e.g. Development, Test, Staging, and Production environments). The role includes consulting coverage for infrastructure protection, security-related forensics, incident response, damage control, and operational security.

o  Security Governance/White Team – Support PSST efforts in authoring Product and Cloud Security Engineering Criteria, assessing Offer team compliance, and providing associated Security vote at Portfolio Management Team reviews.

Secondary Skillset/Role:

·       Internally focused Security Consulting: 

o  organization-internal-only consulting with respective Offer teams during the Product/Solution/Cloud Offer development process.

o  Active membership in the organization’s Security Council, Cybersecurity VT, and Incident Response Team

·       Vulnerability Threat Management (VTM): 

o  Oversight of VTM policies, system/database, interact with product teams towards tracking/resolving product vulnerabilities, and creation of Security Advisories 

o  Serve as a member of CVE Numbering Authority-CNA and manage the security alerts mailbox which serves as a primary point of contact for External Security Researchers. Interface with product teams, Legal, PR/Communications, upper management, etc. as required.

·       Security-related Customer Support:

o  Consult with product teams in support of Development/Tier 4-owned security escalations/tickets.

o  Serve as Security Consultant / Subject Matter Expert in partnering with Pre-Sales/Sales, Professional Services, and associated Delivery teams across the organization to address customer Security concerns.

 

ABOUT THE REQUIREMENTS

EXPERIENCE

·         Hands-on experience and a proven record of securing Azure, GCP, AWS Hosted Cloud Solutions

·         Cloud Offer penetration test, security consulting, assessment, hardening, compliance, and operational security support

·         Experience collaborating with auditors on compliance engagements e.g. PCI DSS, HIPAA, HITRUST, FedRAMP Attestation of Compliance-AOCs

SKILLS & COMPETENCIES

·       IaaS/PaaS/SaaS experience securing Azure, GCP, AWS-based Cloud Solutions

·       Proven expertise in security penetration testing and associated open-source and commercial security tools (e.g. Qualys, Automated and Manual Web App scanners and proxies, API/protocol fuzzers, container and database scanners, Metasploit, Cloud-native security tools, etc.)

·       Ability to create customized scripts (e.g. via Python, Perl, Ruby) and Proof of Concept exploits and/or verify the same reported by external security researchers

·       High-tech product software/firmware support experience. In-depth problem-solving skills with demonstrated ability to isolate problems to specific software/firmware components

·       Demonstrated teamwork experience and desire to work in fast-paced security consulting role. 

·       Excellent oral and written communication skills are needed to provide detailed technical analysis tailored to internal as well as external customers. 

ADDITIONAL INFORMATION

·        Full time, globally dispersed team can require early morning (MST) calls, little to no travel required.

EDUCATION/QUALIFICATION

·       U.S. Citizenship or permanent resident card

·       B.S. degree in Computer Science, Computer Networking, or related discipline

·       M.S. degree or equivalent experience is desirable.

·       Relevant certifications are desirable (e.g. AZ-900, AZ-500, Google Professional Cloud Security Engineer / Architect, GIAC GWAPT, GCIH, GCSA, CISSP, CISA, CEH, OSCP, etc.)

·       U.S. Security clearance is desirable

Apply for this position

Drop files here, or browse