Azure & AppSec Security Engineer
Role: Azure & AppSec Security Engineer
Type: perm, full time
Location: fully remote, working EST hours
Must Have: experience as a subject matter expert within the security function, Securing MS Azure based cloud infrastructure; Azure IaaS, PaaS and SaaS services; Azure automation with PowerShell & ARM, preferably using Terraform; Azure network security capabilities - ASG / NSG, Azure Firewall & WAF; Azure Active Directory, PIM & RBAC; Azure Key Vault; OWASP security & vulnerability management
Our Client is seeking a Cloud (Azure focused) & AppSec Security Engineer to join its Information Security Architecture, Engineering & Platforms team as part of its ongoing global Digital Transformation. The mission of this role is to operate as a subject matter expert within the security function.
Enable and enhance secure cloud configuration and DevSecOps practices through collaboration with the Application Development, Enterprise Architecture & IT Operations functions and by helping to provide secure design patterns with a "hands on" security engineering mindset.
- Serve as a subject matter expert for cloud and application security engineering solutions
- Support the definition and implementation of security requirements bi-directionally – advising the Cyber GRC function on appropriate standards for monitoring.
- Deliver security automation in the CI/CD pipeline via process automation and tooling; reducing security vulnerabilities and configuration weaknesses through standardization and deep monitoring.
- Collaborate with globally diverse teams to continuously improve cloud and application security controls to enable security by design and defense-in-depth principles
- Project Lead for all cloud & AppSec information security projects
- Stay current with evolving technologies and effectively educate teams on security issues and opportunities in cloud and application security domains.
- Ensure alignment of services to information security policies, standards, and frameworks/best practices (SOC, NIST, CISA, ISO, OWASP)
- Demonstrate a commitment to lifelong learning
- Fulfill additional, relevant, tasks appropriate to the role and business demands
- Self-motivated and the ability to work independently
- Securing MS Azure based cloud infrastructure
- Azure IaaS, PaaS and SaaS services
- Azure automation with PowerShell & ARM, preferably using Terraform
- Azure network security capabilities - ASG / NSG, Azure Firewall & WAF
- Azure Active Directory, PIM & RBAC; Azure Key Vault
- Azure DevOps & Git source control
- OWASP security & vulnerability management
- Container security – DockerKubernetesAKS (ability to explain what Kubernetes is, a plus)
- Experience in Python
- Experience with Kubernetes
- Palo Alto security solutions
- Agile planning
- Aptitude, experience andor ability more important than formal qualifications.
- BA and/or MSC in Information Systems, Cybersecurity, Information Assurance (IT related).
- 5+ years’ of technical and hands on experience in cloud, app development or security roles that have exposed you to the required areas and concepts of the position.
- Strong problem solving, analytical and platform management skills; thinking outside the box.
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group including; executives, managers, IT personnel, and other subject matter experts.
Certifications (One or more of the following certifications should be current and up to date)
- Relevant security certifications (Cloud-CCSK, AWS, Azure)