Cloud Security Architect
We are looking for a Cloud Security Architect with management and deep technical engineering expertise in security operations, threat and vulnerability management, cloud security and DLP.
As part of the Gigamon Information Security team, you will have a high degree of visibility, with exposure to the IT leadership team, and will work closely with Product and IT organizations.
Reporting to: Chief Information Security Officer
Values of a successful candidate
- Collaboration over rulemaking
- Improvement over perfection
- Pragmatism over idealism
- Authentic and empathic communication
- Continuous improvement and learning mindset
The role includes
- Ability to analyze stakeholder requirements and convert them into secure and scalable cloud solutions.
- Review application architectures and implementation details for design flaws, incorrect security implementation and missing security controls.
- Create threat models to communicate risks to engineers, project managers and other technical teams.
- Address compliance and privacy issues based on the requirements for CCPA, GDPR, FedRAMP, etc.
- Implement Secure Software Development Life Cycle (S-SDLC) processes and develop secure coding guidelines.
- Implement a DevSecOps model while working with the DevOps team to automate security in CI/CD.
- Build out a new security control catalog, security policies and procedures, and assist in enforcing them.
- Use Static and Dynamic Analysis tools to support broad testing and vulnerability discovery in the CI/CD pipeline.
- In-depth experience working with complex, distributed applications in AWS, Azure and Kubernetes environments.
- Implement and validate the security principles of minimum attack surface area, least privilege, secure defaults, avoiding security by obscurity, keeping security simple and fixing security issues correctly.
The successful engineer
- Have a broad understanding of general software development practices, the associated risks, and the components of a modern product security program
- Work proactively or with limited guidance on tasks or work
- Collaborate well with teammates across functions including the ability to enable those teammates via formal and informal training and mentoring
- Have significant experience in scripting and automation using Python, Java and REST APIs
- Understanding of common security flaws and how to prevent them (e.g. OWASP, CSC, etc.)
- Understanding of vulnerability classification and scoring (e.g. CVSS, CWE, etc.)
- Have opinions on and demonstrated experience with hardening of servers and appliances based on Linux
- AWS Cloud Experience
- Experience with DevSecOps, Code Security and relevant tools.
- Infrastructure knowledge (Networking, Security, DNS, Palo Alto Virtual Firewall)
- AWS cloud-native security controls (AWS Security Hub, AWS GuardDuty, ALB, NACL, Internet Gateways, NAT Gateways)
- Development experience for automated analysis testing
- Knowledge of crypto, especially TLS, X.509, and SSH
- Multi-cloud experience
- Experience with running or participating in bug bounty and responsible disclosure programs (esp. aligned with ISO/IEC 29147)
- Understanding of common product security standards (e.g. Common Criteria, FIPS 140, FedRAMP, SOC2, etc.)
- Experience with threat modeling (e.g. STRIDE, DREAD, etc.)
- Knowledge of techniques for targeting a hardware attack surface, and methods for mitigating those attacks
- Container Security (ECS, EKS, Fargate)