My client is expanding their Cloud Security organization and are seeking candidates with readiness to learn and build their security skills in exciting and growing field of DevOps, cloud, and container security.

• In this role you will support the team in its goals of embracing cloud based technologies across multiple providers (Amazon AWS, Oracle OCI, Google GCP, Amazon Azure, etc.) supporting differing service implementations (IaaS, SaaS, PaaS).
• You will be a key contributor to information security programs, solve problems and manage cross-functional relationships across multiple internal programs aimed at container security and compliance of cloud programs to security policies, industry standards, and government regulations.
• You will identify and mitigate security risks across container deployments, identify and mitigate security risks, and develop tools to assist teams.
• You will research, test and implement container security controls; perform multi-cloud platform attestations; ensure solutions are aligned with department and corporate policies; and balance security requirements in conjunction with users’ dynamic needs and the company’s values.

Responsibilities:

• Work closely and collaboratively with infrastructure and development teams, to drive container/cloud security initiatives
• Build & maintain security solutions integrated into CI/CD pipeline (i.e. Jenkins)
• Administer container-aware security monitoring tools/solutions
  • Manage addition/deletion of cloud accounts, ensuring continuous monitoring
  • User administration
  • Signature/rules management and tuning
  • Assist customers with solution integration features
  • Produce reports, scorecards and related metrics
• Develop tools to assist in container security automation
• Drive strategic automation of container-aware monitoring tools/solutions to detect and prevent risks
• Keep stakeholders updated with communications and weekly reporting
• Drive mitigation of reported risks from container-aware monitoring tools/solutions
• Track and report on the status of cloud container security risks to corporate/industry requirements.
• Assist in the implementation of a formalized information security awareness offerings
• Be aware of new security products (i.e. Stackrox, sysdig, Aqua, Twistlock, Clair, Grafeas, etc.), evaluate product features and make recommendations up to and including Proof of Concepts testing.
• Author/maintain container security requirements (i.e. policies)
• Serve as technical consultant in assisting builders in understanding reported image/host/container risks
• Perform other duties as assigned

Qualifications

Must have:

• Bachelor’s Degree
• Four or more years of relevant work experience.
• AWS Associate or Professional certification or a willingness to obtain within 6 months.

Ideally, you’ll also have some experience with:

• Public cloud experience (Azure or AWS or GCP, etc)
• Experience in: building micro-service based applications via images/containers, container orchestration (i.e. Kubernetes, Docker Swarm), container runtime (i.e. Docker, Rocket)
• Familiarity with hosted container services (i.e. AWS: EKS, ECS, Fargate, GCP: GKE, Azure: AKS)
  • Certified Kubernetes Application Developer (CKAD)
  • Certified Kubernetes Administrator (CKA)
• Experience building / using Continuous Integration/Continuous Deployment secure pipeline (shift left)
• Proficient with Source Control Management tools such as Git (Gitlab/Github)
• Image lifecycle management – Artifactory
• Scripting Python, UNIX Shell Scripting
• Linux and/or UNIX

Interpersonal Skills:

• Possesses customer centric attitude
• Ability to clearly communicate technical concepts
• Performance oriented, self-directed ability to drive change & manage multiple projects
• Fast learner, capable of rapidly assimilating to existing processes and technologies