At Shutterfly, we’re all about people — bringing them together, making them feel welcome, and connecting them to experiences. We make our customers’ memories last a lifetime by capturing, preserving, and sharing them through photography and personalized products. Through our family of brands, trend setting products, cutting edge technology, and best in class customer service, we help our customers, and each other, share life’s joy.

This is an exciting time for Shutterfly. In this position you will be an integral part of a developing and expanding Shutterfly’s cloud security program. The Senior Cloud Security Engineer is a vital role that helps to provide assurance for Shutterfly’s critical cloud resources. Your focus will be on helping to build and maintain a cloud security program.

Your primary duties and responsibilities will include:

  • Design, develop and deploy secure cloud technologies using best practices and insupport of Infrastructure as Code and CI/CD principles
  • Implement security tools focused on cloud based infrastructure
  • Provide design reviews with documentation for the early phases of a project to improve overall cloud design
  • Provide feedback and guidance for how to securely design and implement solutions in major public cloud environments (AWS, Azure, Google)
  • Cross train other team members and other teams related to expertise in domain
  • Work with various teams across the enterprise to identify and resolve cloud security issues and make improvements to the architecture of our cloud stack
  • Act as technical liaison between Information Security, development teams, architecture teams, platform teams, release engineering teams and more
  • Help to interpret Information Security policies through building standards and guidelines
  • Review and analyze existing processes and suggest improvements for increased security and efficiency


Minimum Qualifications:

  • 6-8 years working as a devops or cloud engineer and 1-3 years specifically in cloud security
  • Familiarity with different source control solutions, automation technologies, and CI/CD pipeline technologies such as Jenkins, DSL,Terraform, Git, and Java, including best practices for how to secure these solutions
  • Experience in deploying and maintaining resources as well as relevant security controls in various public cloud environments (AWS, Azure, Google)
  • Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude.
  • Must have experience with various systems technologies, architecture fundamentals, next-generation technology and very strong security understanding
  • Experienced in training task/project-oriented contributors (devops, neteng, syseng, etc) to promote and integrate security into their solutions from the ground up
  • Understanding and willingness to build and maintain documentation, knowledge base, and diagrams related to solutions being developed
  • Proven communication skills, the ability to present information clearly and concisely to all levels of management, both formally and informally
  • Understand information security frameworks, concepts, protocols, and industry best practices
  • Relevant security or cloud certifications (SANS/GIAC, CISSP, CCSP, AWS certifications, etc.) or equivalent proven experience


Preferred Qualifications:

  • A history of uncovering and remediating cloud security and system security flaws
  • A strong understanding of coding and scripting languages such as Java, Bash, Powershell and Python and the ability to easily switch between languages quickly
  • Experience with configuration mgmt tools such as Ansible, Chef or Puppet
  • Experience performing internal architecture and engineering related assessments/reviews
  • Experience with AWS service offerings and related harding including, but not limited to, EC2, S3, VPCs, ALBs, CloudFormation, Cognito, Security Groups, CloudWatch, SQS, SNS, Lambda, Kinesis, S3, RDS, Dynamo, Aurora, etc
  • Experience with VMWare, VRealize, and NSX
  • Experience deploying and working with various cloud security augmentation technologies (monitoring tools, cloud security container solutions, code repo security tools, orchestration technologies, etc)
  • Experience with software engineering best practices, such as agile methodologies, code reviews/Git pull requests and unit/functional testing
  • A strong ability and willingness to learn and adapt new technologies
  • Hands on experience in both using and securing containerized systems and container registry solutions
  • Basic understanding and experience with container management systems such as ECS, EKS, and Kubernetes

** This position is eligible to be remote and may be performed anywhere in the United States except for within the state of Colorado.