Job Description

Role: Azure & AppSec Security Engineer

Type: perm, full time

Location: fully remote, working EST hours

Must Have: experience as a subject matter expert within the security function, Securing MS Azure based cloud infrastructure; Azure IaaS, PaaS and SaaS services; Azure automation with PowerShell & ARM, preferably using Terraform; Azure network security capabilities - ASG / NSG, Azure Firewall & WAF; Azure Active Directory, PIM & RBAC; Azure Key Vault; OWASP security & vulnerability management

Job Summary

Our Client is seeking a Cloud (Azure focused) & AppSec Security Engineer to join its Information Security Architecture, Engineering & Platforms team as part of its ongoing global Digital Transformation.  The mission of this role is to operate as a subject matter expert within the security function.

Primary Responsibilities

Enable and enhance secure cloud configuration and DevSecOps practices through collaboration with the Application Development, Enterprise Architecture & IT Operations functions and by helping to provide secure design patterns with a "hands on" security engineering mindset.

• Serve as a subject matter expert for cloud and application security engineering solutions
• Support the definition and implementation of security requirements bi-directionally – advising the Cyber GRC function on appropriate standards for monitoring.
• Deliver security automation in the CI/CD pipeline via process automation and tooling; reducing security vulnerabilities and configuration weaknesses through standardization and deep monitoring.
• Collaborate with globally diverse teams to continuously improve cloud and application security controls to enable security by design and defense-in-depth principles
• Project Lead for all cloud & AppSec information security projects
• Stay current with evolving technologies and effectively educate teams on security issues and opportunities in cloud and application security domains.
• Ensure alignment of services to information security policies, standards, and frameworks/best practices (SOC, NIST, CISA, ISO, OWASP)
• Demonstrate a commitment to lifelong learning
• Fulfill additional, relevant, tasks appropriate to the role and business demands
• Self-motivated and the ability to work independently

Minimum Experience

• Securing MS Azure based cloud infrastructure
• Azure IaaS, PaaS and SaaS services
• Azure automation with PowerShell & ARM, preferably using Terraform
• Azure network security capabilities - ASG / NSG, Azure Firewall & WAF
• Azure Active Directory, PIM & RBAC; Azure Key Vault
• Azure DevOps & Git source control
• OWASP security & vulnerability management
• Container security – DockerKubernetesAKS (ability to explain what Kubernetes is, a plus)

Desired Experience

• Experience in Python
• Experience with Kubernetes
• Palo Alto security solutions
• Agile planning

Qualifications

• Aptitude, experience andor ability more important than formal qualifications.
• BA and/or MSC in Information Systems, Cybersecurity, Information Assurance (IT related).
• 5+ years’ of technical and hands on experience in cloud, app development or security roles that have exposed you to the required areas and concepts of the position.
• Strong problem solving, analytical and platform management skills; thinking outside the box.
• Excellent verbal and written communication skills and the ability to interact professionally with a diverse group including; executives, managers, IT personnel, and other subject matter experts.

Certifications (One or more of the following certifications should be current and up to date)

• Relevant security certifications (Cloud-CCSK, AWS, Azure)