Cloud Security Engineer

About the position

Come work at Stanford, where we're on a mission to give meaning, solve problems and enrich human lives on a global scale. Stanford's Information Security Office is looking for a cloud security engineer to work with our small, tightly-knit team on a wide range of security-related projects, helping to protect our digital resources. The Information Security Office is a high-profile team, and is one of the few departments with university-wide purview, so you'll have plenty of opportunity to share and shine. We operate with a high degree of autonomy, expecting each of our contributors to bring their own special talents to bear on the tough challenges facing the university. The Cloud Security & Vulnerability Management team in the Information Security Office (ISO) at Stanford University is responsible for safeguarding the university's cloud infrastructure, which includes IaaS and SaaS services across various cloud platforms. This is primarily a hands-on, under-the-hood position but definitely has a public-facing perspective. The team engages with thousands of cloud accounts used for research, teaching and learning, alumni, and administrative computing. The data handled includes regulated information such as health, student, payment, controlled unclassified, and export control data. The team utilizes modern security services like Wiz, Splunk, CrowdStrike, Qualys, ProofPoint (DLP and CASB) to protect users, data, and digital assets. We regularly work with our two other teams: Governance, Risk & Compliance (GRC) for policy and regulation work, as well as with Security Operations for threat detection, investigation, and response efforts. We're a part of the roughly 650-person University IT organization, and we're a key part of the bigger cybersecurity and technology community at Stanford, which spans seven schools, two hospitals and one national laboratory. We all work for the greater good. In this role, you will engage with faculty, staff, and students to advocate for secure cloud computing, apply guardrails, policies, and service controls across all cloud platforms, and integrate third-party identity provider services. You will also review vulnerability reports, lead remediation efforts, conduct security-oriented architecture reviews, and contribute to key initiatives like zero trust and NIST compliance efforts. Additionally, you will participate in a 24x7 on-call rotation for incident response, share knowledge with team members, and document workflows and processes.