Staff Cloud Security Engineer

Engineering | Tempe, Arizona | Redwood City, California


This is an exciting time for Shutterfly. In this position you will be an integral part of developing and expanding Shutterfly’s cloud security program. The Staff Cloud Security Engineer is a vital role that helps to provide assurance for Shutterfly’s critical cloud resources. Your focus will be on helping to build and maintain a cloud security program for multiple public and private clouds.

Your primary duties and responsibilities will include:

  • Design, develop and deploy secure cloud technologies and configuration best practices
  • Hands-on coding/testing to assist in remediating security vulnerabilities in cloud infrastructure and processes
  • Work with various teams across the enterprise to identify and resolve cloud security issues and make improvements to the architecture of our cloud stack
  • Provide feedback in the early design phases of a project to improve overall cloud design
  • Act as technical liaison between Information Security, development teams, architecture teams, platform teams and more
  • Review and analyze existing processes and suggest improvements for increased security and efficiency
  • Build and design secure processes and automation into key technology processes (CI/CD pipelines, image repositories, etc)
  • Provide feedback and guidance for how to securely architect and implement solutions in major public cloud environments (AWS, Azure, Google)
  • Provide recommendations for how to secure critical assets including containers, tasks, and exposed resources


Minimum Qualifications:

  • 6-8 years working as a DevOps or cloud engineer and 1-3 years specifically in cloud security
  • Hands-on experience in both using and securing containerized systems and container registry solutions
  • Familiarity with different source control solutions and CI/CD pipeline technologies including best practices for how to secure these solutions
  • Experience in deploying and maintaining security controls in various public cloud environments (AWS, Azure, Google)
  • Thorough understanding of pricing/cost models across cloud providers and services, and how security decisions can affect/impact cost
  • Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude.
  • Must have an understanding of various systems technologies, architecture fundamentals, next-generation technology and a very strong security understanding
  • Experienced in training task/project-oriented contributors (devops, neteng, syseng, etc.) to promote and integrate security into their solutions from the ground up
  • Proven communication skills, the ability to present information clearly and concisely to all levels of management both formally and informally
  • Understand information security concepts, protocols, and industry best practices
  • Relevant security or cloud certifications (SANS/GIAC, CISSP, CCSP, AWS certifications, etc.) or equivalent proven experience


Preferred Qualifications:


  • Working knowledge of code versioning tools like Git and continuous delivery tools like Jenkins and Maven
  • A history of uncovering and remediating cloud security and system security flaws
  • A strong understanding of coding and scripting languages such as Java and Python and the ability to easily switch between a variety of languages quickly
  • Must be comfortable operating in a Bash Shell environment
  • Experience with one or more configuration mgmt tools such as Ansible, Chef or Puppet
  • Experience performing internal architecture and engineering related assessments/reviews
  • Extensive experience with AWS service offerings and related hardening including, but not limited to, EC2, S3, VPCs, ALBs, Cognito, Security Groups, CloudWatch, SQS, SNS, Lambda, Kinesis, etc.
  • Experience with VMware, vCenter and other internal private cloud technologies
  • Strong understanding and experience with Terraform, CloudFormation, Docker, ECS, EKS, Kubernetes and other infrastructure as code repositories, containerization platforms and related tools
  • Proven experience with cloud governance structure and facilitating the transition of on-prem workloads to the cloud
  • Familiarity with cloud storage technologies such as S3, RDS, Dynamo, Aurora, etc
  • Experience deploying and working with various cloud security augmentation technologies (monitoring tools, cloud security container solutions, code repo security tools, orchestration technologies, etc)
  • Experience with software engineering best practices, such as agile methodologies, code reviews/Git pull requests and unit/functional testing
  • A strong ability and willingness to learn and adapt to new technologies is desired