Cloud Security Engineer
About the Role:
As a member of the Cloud Security team, a successful SecDevOps candidate will need to be self-sufficient to collaborate effectively with multiple teams, such as DevOps, R&D, Application Support, and Infrastructure Operations. A diverse engineering skill set will be necessary to support the challenging and equally diverse set of responsibilities that range from security policy enforcement automation, writing continuous and on-demand system audit code, producing security and compliance metrics and reports, and also for helping teams resolve security gaps and understand security best practices. You will have to be proficient in at least one programming/scripting language to develop your own tools, and you will also need a hands-on and analytical approach to find and implement any third party tools that can help you achieve your goals.
- Centralise security policy enforcement and automate security settings across multiple disciplines (network, server, database, cloud).
- Automate collection of security metrics using an architecture that is extensible to both private and public clouds and is compatible with industry standard frameworks.
- Automate audit evidence generation to support real-time security and compliance checks, and to detect and alert for non-compliant and alien assets.
- Help Cloud Operations move towards a software defined security model where all compliance requirements, across all layers - hardware, data center infrastructure, software, third party cloud, etc - are fully centralised, software defined, automated and monitored for their effectiveness.
- Programming tasks will involve code-based interaction both with web-based UIs and infrastructure provisioning tools. Must be self-starter and be able learn technologies quickly.
- Minimum of 3-5 years of programming/scripting experience on Linux. Python, Go, or Ruby preferred. Windows PowerShell experience a plus.
- Minimum of 2-3 years experience managing AWS and/or Azure environments through API. Experience with Terraform, Git, Puppet, Ansible, and similar configuration and code management systems and tools.
- Experience with Security-as-a-Service and other third party vendors and their APIs - e.g. Splunk, CrowdStrike, Rapid7, etc.
- Thorough understanding of cloud assurance and compliance frameworks - e.g. CSA, SCAP, CloudAudit, GRC XML, ISACA's Cloud Computing Management Audit/Assurance Program, etc.
- Thorough understanding of various compliance frameworks and the ability to implement their requirements - e.g. SSAE18, FedRAMP, CSA, PCI, ISO27K, NIST, etc.
- Sysadmin experience with various enterprise operating systems and containers - including Amazon Linux, CentOS, Windows Server Core, RHEL, Docker, Amazon EKS, etc.
- Ability to work in a geographically distributed team, demonstrating excellent written and verbal communications, interpersonal skills, persistence, and an attention to detail.
- Good understanding of networking and cybersecurity fundamentals e.g. TCP/IP, DNS, TLS, OSI, Firewall Configuration, IPS/IDS, Proxy servers, WAF.
- Industry certifications relevant to the role such as CCNA/CCNP/CISSP/CEH/etc.
NICE is committed to provide an environment based on equal opportunity for all qualified applicants and employees. It is the policy of NICE to afford equal employment opportunities to qualified individuals, regardless of age, race, color, creed, religion, citizenship, ancestry, national origin, sex, gender, pregnancy, mental or physical disability, marital status, veteran status, service in the Armed Forces, sexual or affectional orientation, atypical hereditary cellular or blood traits, genetic information, status as a victim of domestic or sexual violence, and/or any other status protected by any applicable federal, state and/or local statute or regulation.