Cloud & DevOps Security Engineer
We are seeking an Information Security Cloud & DevSecOps Engineer to conduct application and infrastructure security design reviews, conduct security risk assessments, and operational maintenance for existing security programs for DevOps. The Engineer will provide deep technical leadership to Product Development functions to ensure the confidentiality, integrity and availability of corporate information assets, as well as work closely with various internal stakeholders to provide security guidance and improve the overall security posture to meet the expanding and changing business needs of the organization.
The Imperva InfoSec is expandng its capabilities to ensure secure design, deployment and adoption of internal and public Cloud for applications and infrastructure with the required security guardrails. The candidate will have strong technical acumen and should establish strong foundation with secure design blueprints for Cloud deployment, working with application managers, domain architects, Cloud security, developers, IS teams and other disciplines with a focus on public Cloud to ensure that they are highly resilient from Internet-borne threats.
- Engage in the initial requirements definition (including analysis of threats and risks and alignment with IS and Architecture standards) for internal and public Cloud usage
- Work with enterprise DevOps and Cloud development teams in design and development of security guardrails for secure deployment of applications
- Conduct threat modeling and architecture risk analysis, for Cloud deployment projects, to ensure security gaps are identified during the design and recommend remediation actions.
- Plan the resolution of any identified vulnerabilities/issues and govern them for closure
- Security review of applications including responsibility for driving requirements definition and risk analysis
- Facilitate and support threat/architecture reviews and scenario analysis/red team exercises
- Provide SME support to projects and programs
- Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
As a Cloud and DevOps security engineer, you will review our most critical applications and their technology stack from top to bottom. Therefore, we require in depth subject matter expert knowledge of application security, with thorough understanding of infrastructure and network security in context of Cloud deployment.
• 10+ years of relevant experience
• Proven experience as Security Architect or Application Architect with Security knowledge is preferred
• Ideally candidate who has worked for a similar organization, with 5+ years of experience as application security consultant / penetration tester / security architect, with focus on secure deployment of Cloud strategy.
• Must have SME level knowledge of designing and implementing security guardrails for deploying applications in public Cloud environment.
• In depth understanding of public Cloud and application architectures and technologies
• Thorough understanding of industry and technology standards for Information and Application Security
• Strong knowledge of software development/deployment methodologies in public Cloud environments
• Strong understanding of information security and risk analysis processes, including threat modeling.
• Industry certification such as CISSP, CCSP, and other vendor certification are highly preferred
Imperva is an analyst-recognized, cybersecurity leader—championing the fight to secure data and applications wherever they reside. Once deployed, our solutions proactively identify, evaluate, and eliminate current and emerging threats, so you never have to choose between innovating for your customers and protecting what matters most. Imperva—Protect the pulse of your business.