Cloud Security Engineer

Transdev - Milwaukee, WI

posted 3 months ago

Full-time
Milwaukee, WI
5,001-10,000 employees
Transit and Ground Passenger Transportation

About the position

The Cloud Security Engineer at Veolia North America is responsible for designing, implementing, and managing secure cloud architecture to protect cloud-based assets from potential threats. This role is critical in developing and enforcing cloud security policies, conducting risk assessments, and ensuring compliance with industry standards. The engineer will collaborate with IT, development, and operations teams to embed security into every aspect of the cloud and application security lifecycle, advocating for security best practices and driving a security-first culture across the organization. In this position, the engineer will develop and implement automated security solutions to streamline security processes, improve efficiency, and enhance response capabilities. They will work closely with architecture and IT teams to design, implement, and manage security measures for cloud environments. A significant part of the role involves developing and enforcing security best practices for Infrastructure as Code (IaC) to ensure secure deployment and configuration management. The engineer will also secure containerized environments, including Docker and Kubernetes, ensuring compliance with security benchmarks. The Cloud Security Engineer will partner with DevOps teams to integrate security into the CI/CD pipeline for container deployment and management. They will lead application security initiatives alongside the Senior Application Security Engineer, which includes secure code reviews, vulnerability assessments, and web application penetration testing. The engineer will develop and maintain application security standards and guidelines, ensuring they are integrated into the software development lifecycle. Staying updated on the latest security threats, trends, and technologies, especially in cloud, IaC, and container environments, is essential. Proactively identifying and investigating security threats by analyzing security logs, conducting threat hunting exercises, and implementing advanced detection mechanisms is a key responsibility. The engineer will continuously evaluate and improve security tools and processes to address evolving security challenges. This role requires a high-energy, action-oriented approach to work tasks, with a willingness to act swiftly and with minimal planning when opportunities arise. Building strong peer relationships and fostering problem-solving for mutual benefit while advocating for information security interests is crucial for success in this position.

Responsibilities

  • Collaborate with IT, development, and operations teams to embed security into every aspect of the cloud and application security lifecycle.
  • Advocate for security best practices, raising awareness and driving a security-first culture across the organization.
  • Develop and implement automated security solutions to streamline security processes, improve efficiency, and enhance response capabilities.
  • Collaborate with architecture and IT to design, implement, and manage security measures for our cloud environments.
  • Develop and enforce security best practices for Infrastructure as Code (IaC) to ensure secure deployment and configuration management.
  • Secure containerized environments, including Docker and Kubernetes, and ensure compliance with security benchmarks.
  • Partner with DevOps teams to integrate security into the CI/CD pipeline for container deployment and management.
  • Lead application security initiatives, including secure code reviews, vulnerability assessments, and web application penetration testing.
  • Develop and maintain application security standards and guidelines, ensuring they are integrated into the software development lifecycle.
  • Stay abreast of the latest security threats, trends, and technologies, especially in cloud, IaC, and container environments.
  • Proactively identify and investigate security threats by analyzing security logs, conducting threat hunting exercises, and implementing advanced detection mechanisms.
  • Continuously evaluate and improve security tools and processes to address evolving security challenges.
  • Build strong peer relationships by finding common ground and fostering problem-solving for mutual benefit.

Requirements

  • Bachelor's or Master's Degree in Computer Science, Engineering, Information Security or extensive professional experience considered in place of a Bachelor's degree.
  • Minimum of 7 years' experience in Information Security within cloud-native or SaaS technology environments.
  • 3-5 years of hands-on experience securing Infrastructure as Code, Application Security, and Policy as Code (PaC) using coding languages such as Python, Go, JavaScript, or YAML.
  • Minimum two years of experience automating and scaling CIS benchmarks or equivalent standards.
  • Proficiency in cloud platforms such as AWS, Azure, and GCP, container orchestration tools (Kubernetes, Docker), and Infrastructure as Code (Terraform, Ansible).
  • Experience in application security practices and tools, including static/dynamic analysis and familiarity with OWASP standards.
  • Strong analytical, problem-solving, and communication skills.
  • Ability to work collaboratively in a dynamic environment.
  • Extensive experience writing technical and business-friendly security documentation.
  • Strong written and verbal communication skills in English.

Benefits

  • Paid time off policies
  • Health insurance
  • Dental insurance
  • Vision insurance
  • Employer sponsored 401(k) plan for retirement savings.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service