Sr Cloud Security Engineer

$146,332 - $217,880/Yr

Penumbra - Alameda, CA

posted 4 months ago

Full-time - Mid Level
Alameda, CA
Professional, Scientific, and Technical Services

About the position

The Senior Cloud Security Engineer will be a key member of the Information Security & Compliance team, focusing on a highly technical, hands-on, analytical, and process-oriented approach. This role involves collaborating with product teams to engineer security solutions and provide operational support across a hybrid cloud environment. The engineer will ensure compliance with legal and regulatory requirements while maintaining the company's information security policies, standards, and industry best practices. In this position, the engineer will be responsible for designing and developing innovative security solutions to protect applications and data deployed in the cloud. This includes developing and sustaining the security vision and strategy for all deployments across infrastructure and software, leveraging both native and third-party products as necessary. The role also entails improving security reporting, coordinating vulnerability management, penetration testing, and infrastructure compliance, as well as developing security dashboards to provide an overview of the security posture and ensure that deviations from the norm are visible and addressed appropriately. The Senior Cloud Security Engineer will have hands-on responsibility for all Azure cloud security and enterprise SaaS application security. Continuous monitoring of the effectiveness of security controls will be essential, involving comprehensive assessments across various domains such as Identity and Access Management (IAM), secure CI/CD pipelines, incident management, vulnerability management, and red-teaming exercises. Collaboration with the operations team on Security Operations Center (SOC) tools, including SIEM, UEBA, NDR, and SOAR, will be necessary to define use cases and ensure full coverage of the MITRE framework. 
Additionally, the engineer will identify, track, and resolve security issues and gaps across the Azure tenant, cloud infrastructure, and functional services across IaaS, PaaS, SaaS, and CaaS. Responsibilities also include building, deploying, and managing security tools, automating security controls, processes, and services, as well as evaluating and responding to alerts and events from security tools to minimize false positives. The engineer will develop event response documentation and processes, collaborate with security leadership, engineering, and compliance to execute security strategies and roadmaps, and assist other teams in solving security issues in compliance with business requirements and best practices. The role requires reviewing company architecture and design through a security lens to provide actionable, timely requirements and recommendations, serving as a subject matter expert for security tools, applications, and processes, and developing, enforcing, and auditing cloud security policies, standards, and procedures.

Responsibilities

  • Design and develop innovative security solutions for protecting applications and data in the cloud.
  • Develop and sustain the security vision and strategy for all deployments across infrastructure and software.
  • Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance.
  • Develop security dashboards to provide an overview of security posture and ensure deviations are visible and acted upon.
  • Manage Azure cloud security and enterprise SaaS application security.
  • Continuously monitor the effectiveness of security controls through comprehensive assessments across various domains.
  • Collaborate with the operations team on SOC tools, defining use cases and ensuring full coverage of the MITRE framework.
  • Identify, track, and resolve security issues and gaps across Azure tenant and cloud infrastructure.
  • Build, deploy, and manage security tools, automating security controls and processes.
  • Evaluate and respond to alerts and events from security tools, fine-tuning configurations to minimize false positives.
  • Develop event response documentation and processes, including diagrams for system environments and security tools.
  • Collaborate with security leadership, engineering, and compliance to execute security strategies and roadmaps.
  • Assist other teams in solving security issues in compliance with business requirements and best practices.
  • Review company architecture and design through a security lens to provide actionable recommendations.
  • Serve as a subject matter expert for security tools, applications, and processes.
  • Develop, enforce, and audit cloud security policies, standards, and procedures.
  • Responsible for IT general controls across cloud services.
  • Adhere to the Company's Quality Management System (QMS) and relevant regulations.

Requirements

  • Bachelor's degree in computer science or related field with 8+ years of experience, or equivalent combination of education and experience.
  • Azure cloud certification is required (i.e., Azure Security Engineer, Azure Administrator).
  • 8+ years of hands-on experience with Azure cloud technologies covering Network, IAM, Application, and Data Security domains.
  • Hands-on experience deploying and customizing Azure security tools and third-party security toolsets.
  • Hands-on experience using CI/CD pipelines for change management and automated security configuration enforcement.
  • Hands-on experience with Azure Directory services, PaaS services security, Azure policies, and analytics.
  • Experience with IBM QROC (QRadar on Cloud) SIEM, UEBA, NDR, SOAR tools, and proficiency with Ariel Query Language (AQL).
  • Programming experience in a higher-level language such as NodeJS, Ruby, Chef, Puppet, YAML, JSON, and/or Python.
  • Expert level understanding of API-based security and compliance standards, Unix/Linux, Windows operating systems, and scripting.
  • Good understanding of tools such as Ansible, Terraform, CI/CD (Jenkins, GitHub, etc.), Docker, and Kubernetes.
  • Experience defining cloud security policies and standards.
  • Experience with log management, EventHub, and/or correlation systems/services.
  • Ability to write SQL queries and build dashboards and reports.
  • Strong collaboration, presentation, and analytical problem-solving skills.
  • Excellent oral, written, verbal, and interpersonal communication skills.
  • High degree of accuracy and attention to detail.
  • Proficiency with MS Word, Excel, and PowerPoint.
  • Excellent organizational skills with the ability to prioritize assignments while handling various projects simultaneously.

Nice-to-haves

  • Other Network & IAM certifications preferred, i.e., CCNP, JNCP, CIAM, etc.

Benefits

  • Medical, dental, and vision insurance coverage.
  • Life, AD&D, short and long-term disability insurance.
  • 401(k) with employer match.
  • Employee stock purchase plan.
  • Paid parental leave.
  • Eleven paid company holidays per year.
  • A minimum of fifteen days of accrued vacation per year, increasing with tenure.
  • Paid sick time in compliance with applicable laws.