Security Assessor (Contract)
About Your Role:
As a Cloud Security Assessor, you will be instrumental in increasing the quality and level of security for our cloud environment. You will work on building and automating security test suites by establishing a DevSecOps workflow that integrates into our CI/CD pipeline.
The successful candidate will work closely with front-end engineering, application engineering, and QA engineering to improve and automate security test suites as part of our software development lifecycle. This person must be able to deliver succinct, impactful and professional communication, and to easily adjust their communication to the appropriate audience.
Deep familiarity with container technologies, Jenkins, Ansible, AWS, CloudFormation, IAM, secrets management, and Python is a critical requirement for success in this position.
About Your Contributions:
- Design and develop automation to ensure platform, services, container, and machine security
- Act as a security subject matter expert to support development and operations teams and activities
- Recommend and help implement improved threat response capabilities into the DevOps platform
- Coordinate testing activities including traditional penetration testing as well as developing automated security QA testing
- Communicate security best practices and techniques
- Audit the accuracy of identities and roles within various platforms
- Interpret corporate security guidelines for the cloud adoption framework
- Technical writing of policies, standards, and procedures
- Experience with a broad set of information security best practices and technologies (e.g. application security, risk management, data protection, encryption, identity and access management, logging and monitoring, network security, security governance, etc.) within cloud environments
- Experience working with cloud access security brokers (CASB) and cloud security management/governance tools
- Experience with various network and host-based information security technologies, including firewalls, WAFs, intrusion/threat detection/prevention, data loss prevention, anti-malware, file integrity monitoring, etc.
- Experience with encryption (at-rest, in-transit, in-use) and secrets and key management within cloud environments
- Experience with information security testing methods and technologies, including penetration testing, web application security assessments, vulnerability assessments, etc.
- Understanding of Secure Software Development Life Cycle (SSDLC) security requirements (e.g. risk assessments, threat modeling, security design reviews, static application security testing, and dynamic application security testing)
- Understanding of enterprise IT security risk assessments and related frameworks (e.g. SOC2, ISO 270XX, NIST CSF, NIST 800-XX, COBIT, etc.) and industry best practices
- Understanding of Cloud Security Alliance (CSA) framework, CSA Cloud Control Matrix (CCM), and CSA Consensus Assessments Initiative Questionnaire (CAIQ)
- Proficient verbal and written communication skills, including the ability to independently and effectively participate in strategic collaboration with other line of business peers
- Strong organizational skills with an ability to multitask effectively and deliver against commitments
About.com is reimagining the way people find expert advice and answers online. Through its premium vertical brands including Verywell, The Balance, Lifewire and its namesake About.com, we help tens of millions of users each month answer questions, solve problems, learn something new and find inspiration on topics they deeply care about.