Senior level individual contributor responsible for Cloud Security projects – assessment, design, implementation, and post-implementation review. This role requires thought leadership experience in cloud security and automation, in addition to technical leadership experience. This role will also help expand security capabilities through automation of existing compliance, vulnerability management, security monitoring, privilege access management, asset inventory, and more.
JOB DESCRIPTION:
Essential Duties & Responsibilities
(Leads and directs the work activities and has full management responsibility for the performance and development of subordinate staff in accordance with corporate strategy)
• Build and own the Cloud Security automation roadmap
• Lead automation and tooling for the Cloud Security team initiatives by providing proven solutions to better scale CNA’s current deployment strategy.
• Work across teams to enforce security controls consistently and reduce existing security debt.
• Direct application teams in onboarding the cloud security requirements; work with vendors to troubleshoot the platform and issues related to such integrations.
• Oversee cybersecurity software engineering best practices such as unit testing, code reviews, quality engineering, supply-chain protection, etc.
• Ensure appropriate security practices are communicated and implemented in their application security programs. Support adherence and awareness of these practices.
• Evaluate existing and new GCP/AWS PaaS security services and understand their impact on the CNA Cloud security model
• Leverage automated processes to mitigate security vulnerabilities in the environment by working with the Application Security team to triage security vulnerabilities
• Contribute to security requirements across CNA cloud applications, provide guidance for infrastructure security and automation, and ensure that logical security controls are manageable and scalable.
• Stay abreast of industry trends and best practices; conduct research and tests, and execute new techniques that can be reused and applied to the SDLC.
Skills, Knowledge & Abilities
• Strong oral and written communication skills in the English language to work effectively with all levels of end users and IT personnel.
• Proven track record of building CI/CD pipelines for both application and infrastructure, with a focus on security.
• Expert knowledge of Cloud Security (GCP preferred). Experience in securing a multi-cloud environment is a plus.
• Excellent hands-on experience with securing containers at scale. Any GKE or Anthos experience is a plus.
• Mastery of automation tools (e.g. Concourse, Jenkins, Terraform, Ansible, etc.)
• Comfort with automated, frequent, incremental code testing and deployment as part of a set of mature DevOps practices
• Expert knowledge of the Windows Server operating system as well as expertise with one or more Linux operating systems
• In-depth experience in providing Analysis of Alternatives for tools and capabilities from various on-premises, Cloud-based, and hybrid resources
Education & Experience
• Bachelor's degree with Master's preferred in a related discipline, or equivalent
• Typically a minimum of 5 years of related work experience.