Senior/Lead Cloud Security Engineer

About the position

iHeartMedia seeks candidates for the position of Senior Cloud Security Engineer. This role is responsible for reviewing cloud architectures and leading the efforts to secure and ensure compliance enforcement through automation, environment assessments, and policy shaping.

Responsibilities

• Provide guidance to product and IT teams for all public cloud related matters in AWS, GCP, and Azure
• Act as highly technical cloud security Subject Matter Expert (SME) for the InfoSec team.
• Research, innovate, and design cloud and hybrid security solutions.
• Create design artifacts to enable members of the operations or infrastructure teams to implement solutions.
• Identify opportunities to reduce cloud security risk for iHeartMedia.
• Collaborate with senior management and department leaders to assess near and long-term cloud security needs.
• Review cloud architectures and advise development teams on strong security design principles.
• Provide advanced level IAM policy guidance to enable product teams to shape least privilege access.
• Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards, and recommendations.
• Stay current with the latest cloud threat mitigation tools and techniques.
• Provide guidance for security remediation to business and IT partners by demonstrating real, practical risk and value.
• Provides vulnerability assessment of cloud assets, deliver remediation recommendations, and provides knowledgeable assistance in resolving identified vulnerabilities.
• Provides input to the overall architecture and governance model.

Requirements

• Minimum of 6+ years of experience in a Cyber Security Administrator, Analyst or Engineer role with a focus on cloud-based security.
• Broad understanding of information security and compliance risks, and how those apply to public cloud.
• Keen interest in learning about modern cloud security and information security threats, mitigation strategies, and control frameworks.
• Strong understanding of cloud-based and hybrid infrastructure components with specific understanding of the security risks presented in a centralized or decentralized and hybrid environment.
• Strong understanding of security operations and compliance environment with experience in managing multiple tasks, reporting to management, and driving security initiatives within the InfoSec group.
• Experience with SIEMs, including Azure Sentinel, and custom log sources.
• Proficiency in EDR/MDR incident investigation and threat management.
• Strong understanding of cloud native and third-party security related tools.
• Strong understanding of Multiple Public Cloud security and compliance features and configuration.
• Knowledge of network infrastructure security (physical and virtual) technologies and solutions.
• Knowledge of identity providers and identity management security.
• Demonstrated critical thinking and analytical ability.
• Demonstrated willingness and ability to learn new and emerging technologies.

Nice-to-haves

• Respect for others and a strong belief that others should do this in return
• Demonstrated initiative and achievement-oriented leadership
• Ability to manage several projects at a time
• Growth mindset and desire for continued knowledge sharing and learning
• Understanding of impact of your own decisions and decisions of your team
• Strong business insights that contribute to resolving complex problems
• Catalyst for new and innovative ideas
• Ability to identify and support new opportunities for continued improvement across business
• Ability to interact with individuals of all levels and maintain professional relationships
• Strong relationships with other leaders with the ability to manage external business partners where appropriate

Benefits

• Employer sponsored medical, dental and vision with a variety of coverage options
• Company provided and supplemental life insurance
• Paid vacation and sick time
• Paid company holidays, including a floating holiday that enable our employees to celebrate the holiday of their choosing
• A Spirit day to encourage and allow our employees to more easily volunteer in their community
• A 401K plan
• Employee Assistance Program (EAP) at no cost - services include telephonic counseling sessions, consultation on legal and financial matters, emotional well-being, family and caregiving
• A range of additional voluntary programs, such as spending accounts, student loan refinancing, accident insurance and more!