The Security Cloud & application Engineer is responsible for implementing, maintaining, monitoring, and managing secure solutions. The engineer delivers these solutions in accordance with the organization’s architectural designs, best practices, and regulatory or compliance requirements. As risks change, the Security Engineer is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.

The Security Cloud & Application Engineer is expected to contribute to the development and implementation of strategies to protect computer systems, networks, and other digital assets contributing to the corporate security strategy with security leadership and other senior security staffers and technologists. In this position, you will work collaboratively with peers and stakeholders across the enterprise on implementations and management including IT infrastructure, application development, security operations, security audit and end users. With an emphasis on securing systems, applications, third-party connections, service providers and ancillary systems, business-to-business initiatives, third-party relationships, outsourced solutions, and vendors tasked with analyzing current security protocols to identify weaknesses or vulnerabilities that could be exploited by hackers. Considered a knowledgeable individual, the Security Cloud & Application Engineer is expected to implement, monitor, and manage secure solutions that address modern day issues. The Security Cloud & Application engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, cybersecurity engineers and systems administrators. At times, the Security Cloud & Application engineer acts as a liaison with business stakeholders to understand the strategy and execution outlook. The role is heavily security-focused and ingrained in the CI/CD pipeline automation to deliver security principles and validation at all times.

• Handle day-to-day security implementations, monitoring, operational support of hardware and software, applications, managed solutions, and service provider relationships
• Engage in information security projects assisting in the delivery and support
• Deliver projects on time, within budget and in accordance with service level agreements (SLAs)
• Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted
• Participate regularly in project and change management meetings
• Partner with the business to ensure business needs are met while ensuring smooth rollout and implementation of security tools
• Conduct performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted
• Respond to and handle service and escalation tickets within SLA expectations
• Assist with incident response and system stability issues as they occur. This may include involvement outside of regular work hours, and responsiveness is expected
• Work in tandem with senior engineers, architects, the security operations center (SOC), incident responders (in cases of anomalous activity and host compromise), and technology infrastructure and development team members
• Implement solutions observing compliance – Health Information Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. – and privacy laws
• Respond to and handle service and escalation tickets within SLA expectations
• Perform other duties as assigned by manager

• 5+ years’ experience in cybersecurity, including compliance and risk management with a system and network security engineering background required.
• Highly technical and analytical expertise, with a proven background (5+ years’ IT experience in addition to cybersecurity) in technology design, implementation, and delivery required.
• Skilled in meeting vulnerability and penetration testing requirements
• Excellence in communicating business risk from cybersecurity issues
• Record of accomplishment of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
• Highly trustworthy; leads by example
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the secure software development lifecycle (SLDC).
• Should be familiar with static and dynamic code analysis tools
• Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes)

• Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent work experience.

• CISSP, CISM and/or SANS, or Cisco-related certifications a plus

• Experience with Amazon Web Services (AWS) or Microsoft Azure
• Scripting in Python, JavaScript, PowerShell, PHP, or Ruby
• Experience in cloud computing technologies, including software, infrastructure, and platform-as-a-service, as well as public, private, and hybrid environments
• DevOps background with experience in compliance obligations
• Experience with one or more of the following: ISO 27001, NIST, PCI Data Security Standard (PCI DSS), HIPAA, Health Information Technology for Economic and Clinical Health (HITECH) Act, SOX, Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2
• Working knowledge of Windows, Linux, Unix, and Cisco networking
• Demonstrated experience with relevant technical security products, such as F5, DDoS and Cloud WAF, AWS/Azure Security Services
• Ability to work independently and tactically, with effective decision-making skills