AXWAY SOFTWARE - Scottsdale, AZ
posted 3 days ago
- Senior
Hybrid - Scottsdale, AZ
Publishing Industries
About the position
The Axway Cloud Security team is seeking a new Senior Cloud Security Engineer that will be critical to delivering secure cloud services to customers in government, banking, financial services, healthcare, life sciences, manufacturing, and other security-conscious industries.
Responsibilities
- Engage with internal and external teams to secure the deployment of cloud products and services.
- Perform architectural reviews of cloud solutions, including the application of security principles and development of security requirements.
- Assess the risk of vulnerabilities and security designs to ensure the security of Axway and its customers' applications and data is maintained.
- Automate the application of security controls, as well as the detection of security control adherence throughout the cloud.
- Execute the development of securing cloud infrastructure and process improvement over the domains of security engineering, automation, incident management, vulnerability management, intrusion detection, and incident response.
- Deploy, maintain, and utilize various security tools including SIEM, endpoint protection, AV, best practice analyzers, and vulnerability scanners.
- Secure cloud infrastructure using industry best practices and frameworks, such as CIS Benchmarks, Cloud Security Alliance (CSA), etc.
- Assist with compliance audits such for ISO 27001, SOC 2, NIST, and GDPR.
- Monitor cloud networks for security issues.
- Update and define security engineering operations standards, processes, and playbooks.
- Commit to developing and honing skills via certifications, instructional courses, security news feeds, and/or research.
- May at times be required to be customer-facing.
Requirements
- Five to seven years general information security experience, with a deep understanding of cybersecurity principles, technologies and best practices.
- Strong problem-solving and analytical skills.
- Three years experience with automation, including coding and scripting against cloud-relevant technologies such as the AWS control plane, Azure Active Directory (AAD), Kubernetes, and other API-enabled security technologies.
- Experience with Amazon Web Services (AWS) security technologies and best practices, including the application of security principles within AWS and Azure, Kubernetes, and other technologies.
- Three years information security experience as a subject matter expert working across two or more technology layers (e.g., application, network, platform).
- Three years experience designing security architecture for application and enterprise technologies (e.g., privileged account management, secrets management, SIEM, networking, etc.).
- Three years experience translating business requirements and priorities into security architecture standards.
- Experience in configuration and operation of security incident event management (SIEM), endpoint protection, and other security technologies such as Splunk, Microsoft Sentinel, ELK, CrowdStrike, Sumologic, Tripwire, OSSEC or similar tools/technologies.
- Experience managing vulnerability scanning systems such as Qualys, Rapid7, Nexpose or similar.
- Experience with DevOps, continuous integration/continuous deployment (CI/CD), DevSecOps.
- Ability to communicate effectively with both technical and non-technical stakeholders, both verbally and in writing.
Nice-to-haves
- Security certifications such as: (ISC)2: CISSP or CCSP, SANS: GCLD, GCIA, GCIH, GPYC, GCSA, GPCS, or GCPN, AWS: Cloud Practitioner, Security Specialty, Solutions Architect, CompTIA: Security+.
- Bachelor's and/or Master's degree in Cyber Security, Computer Science, Information Technology, etc. or equivalent industry experience.
