This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
Cloudious - Bellevue, WA
posted 2 months ago
About the position
The Principal Cybersecurity Engineer/Jr. Cybersecurity Architect role is focused on ensuring that the client's software, systems, and infrastructure are designed and implemented to meet the highest security standards. This position involves performing technical security assessments, code reviews, and vulnerability testing to identify risks and remediate findings. The role serves as a subject matter expert, driving security enhancements across various technologies and acting as a principal security advisor to cross-functional teams.
Responsibilities
- Leads information security review of new technologies, designs, and remediation planning efforts.
- Collaborates with Engineering & Operations Teams to address security vulnerabilities found via PSIRTs, scans or breaches.
- Investigates and/or leads identifying security needs & recommends plans/resolutions. Implements, tests & monitors info security improvements.
- Analyzes underlying technologies for threat identification, analysis, and threat model design.
- Implements various threat modeling approaches such as STRIDE, PASTA, TRIKE, ATTACK TREE, DREAD, KILL CHAIN, CAPEC.
- Creates mobile application threat models, Cyber Threat Trees, and data flow diagrams.
- Acts as a subject matter expert in network & information security, including Firewall policy design and SSL Certificate management.
- Demonstrates advanced understanding of IP/Security solutions & technologies applicable to Wireless Network Architecture.
- Creates technical specifications and requirements, working independently with minimal supervision.
- Adapts quickly to new or evolving technologies related to new products & services requiring validation or research.
- Communicates effectively with diverse cross-functional groups and presents advanced concepts to leadership and peers.
Requirements
- 10+ years of experience in Cyber Security.
- 5+ years of experience in Java, frameworks, Python, Node.js.
- 5+ years of experience in Threat Modelling techniques like STRIDE, PASTA, TRIKE, ATTACK TREE, DREAD, KILL CHAIN, CAPEC.
- 8+ years of experience with SSL.
- 5+ years of experience in Firewall policy design.
- 5+ years of experience in vulnerability analysis & mitigation.
- 5+ years of experience with load balancers (e.g., A10, F5), firewalls (e.g., CheckPoint), Venafi, MDM (e.g., Mobile Iron), Cloud (e.g., AWS, Azure), Malware Protection (e.g., FireEye), Advanced Persistent Threats (e.g., Damballa), Privileged Accounts (e.g., CyberArk), SIEM (e.g., ArcSight), Log & Event (e.g., Splunk), Intrusion IDS/IPS (e.g., Symantec).
- 5+ years of experience with Cloud Platforms (e.g., PCF, Docker), Scanning (e.g., Qualys), AppSec (e.g., Veracode).
- Knowledge of federal & compliance regulations (e.g., SOX, PCI & CPNI).
- Working knowledge of web application development, RESTful APIs, and skills in Java, frameworks, Python, Node.js.
