Senior Cloud Security Engineer

Hearst Technology, Inc, Information Security Office seeks a Senior Cloud Security Engineer to lead the design and development of Azure and AWS security architecture. This position will contribute directly to the enterprise's global cloud architecture and lead the security vision and strategy for cloud-based applications.

The cloud security engineer role is responsible for architecting, implementing, and advising a secure cloud infrastructure supporting business needs. The position will design secure infrastructure and applications that align with business and cybersecurity strategy to support a fast-paced environment. An advanced role, the cloud security engineer will deliver resilient applications at scale to support business initiatives. The cloud security engineer must have advanced administration and troubleshooting skills and the knowledge to support architecture, engineering, and design principles.

The role requires deep technical knowledge of cloud computing architecture, security principles and cybersecurity best practices. A cloud security engineer is highly technical and proficient in cybersecurity and systems administration across various infrastructure types (SaaS, IaaS, PaaS). Also, demonstrated experience with AWS, Microsoft Azure, Google Cloud and other cloud solutions is required. The ability to automate, provision and manage cloud resources across multiple environments with infrastructure as code (IaC) principles is required. Successful candidates in this role are adept at working with business units and have good listening and communication skills. In tandem with security leadership, cloud architects will consistently assess the threat landscape and adapt quickly to protect the business from risk. The cloud security engineer will report to the Director of Security Architecture and have strong working relationships with IT and application development leadership.

Typical Duties & Responsibilities

• Conduct cloud security planning to determine and describe cloud security requirements

• Architect, design and implement scalable, resilient solutions in public, private and hybrid clouds.

• Support cloud security architecture for SaaS, PaaS and IaaS.

• Recommend and advise on strategies and best practices for cybersecurity and a flexible architecture.

• Draft cybersecurity strategies that align with business objectives and meet compliance and regulations.

• Design security for monitoring, logging, IAM, encryption, data protection, detection and preventive controls.

• Work in tandem with team leads and subject matter experts to validate configurations are aligned, adopted and implemented.

• Oversee enforcement of vulnerability management mitigation in technical teams' operational responsibilities.

• Liaison with cybersecurity teammates to investigate security incidents and breaches.

• Orchestrate scalable, resilient and efficient containerized microservices.

• Integrate and automate secure continuous integration/continuous delivery build configurations for development pipelines.

• Proactively analyze, identify and resolve performance bottlenecks.

• Assist with strategy, implementation and recovery point/time objective for business continuity and disaster recovery.

• Recommend and implement cloud security tools and controls.

• Use cloud security tools for asset discovery, cloud workload protection platform (CWPP), control plane configuration and cloud security posture management (CSPM).

• Stay up to date with cybersecurity threats, risks and vulnerabilities with potential impact to services.

• Form relationships with colleagues in operations, threat intel, software development and risk management.

• Collaborate with IT and cybersecurity leadership to develop practices to reduce attack surface, as well as countermeasures to impede internal threats and external attackers.

• Define key performance indicators, objectives and key results, and metrics to illustrate efficacy with cloud infrastructure and applications.

• Attend project and implementation meetings and advise secure application and infrastructure configurations.

• Develop, maintain and enforce cloud security policies and procedures, as well as best practices for following standards such as FedRAMP, Cloud Security Alliance, SOC 1/2/3, CIS and NIST SP 800 series.

• Communicate the state of cloud security posture to cybersecurity leaders, stakeholders, IT and developers.

• Participate in cloud security groups and consortiums for knowledge and building relationships.

• Be willing to work nonstandard business hours for projects, business impact issues and incident response.

• Perform other duties as assigned.

Education

• Bachelor's degree in computer science, business, information technology, or a related field

Required Skills & Experience

• At least 10 years' experience in IT and security operations, with a focus on cloud security.

• Demonstrated experience as a team lead, managing people, as well as technology.

• Functional use with cloud tools (CWPP, CSPM, cloud-native application protection platform) and automation (Chef, Puppet, Salt, Ansible).

• Proficient in one or more: Terraform, Kafka, Kubernetes, scripting (Python, JavaScript, Bash).

• Proven use with zero trust network access, encryption, web application firewalls, data protection, vulnerability management, API security, IaC.

• Ability to influence technical team and business units and collaborate to reduce attack surface.

• Knowledge in one or more: NIST 800-144, CIS, CSA-CCM, ISO (27040, 27017, 27001).

• Capacity to comprehend complex technical infrastructure, managed services and third-party dependencies.

• Applicable knowledgeable as needed about FISMA, GDPR, PCI, CCPA, HIPAA, GLBA

• Strong written and oral communication skills across varying levels of the organization.

• Capacity to work in a team environment, excellent interpersonal and communication skills

• Capability to work independently with minimal direction; initiative and motivation to work alone

Preferred Qualifications

• Preferably one or more certifications such as GCSA, CCSP, CCSK or CISSP, or one offered by AWS, Google or Microsoft.