This is really a developer role with a focus on security, vs. a security role that has just exposure to development.
As part of the Cloud Security and Infrastructure team, the Cloud Security Engineer builds prototypes, components and tooling with a goal of ensuring the security of the software we deploy. They have secure coding (different from encryption) and mobile security experience and a good understanding and knowledge of digital certificates and vulnerability management. They are experienced with PaaS offerings for computation and applications, user management, security and identity management, and OAuth2, SAML2, OIDC. Reporting to the Project Manager, the Cloud Security Engineer will promote secure development practices within the team and across the wider organization. They are technical, with excellent interpersonal skills, and work well with both internal and external customers. They can demonstrate leadership and exhibit very effective verbal and written communication skills.
Develops, executes and measures unit tests to ensure and maintain source code security and quality.
Shares expertise throughout the organization; may provide user training for APIs.
Evaluates engineering approaches and risks to produce development plans to ensure high quality, low cost products and services.
Identifies and keeps abreast of new technical concepts and products.
May author technical reports, papers, articles, patents and presentations.
DevOps experience with continuous security testing and automation on public clouds such as Google Cloud, Azure and AWS.
Experience in threat modelling and risk identification
Experience with public key infrastructure and digital certificates.
Familiarity with a broad spectrum of Cloud security, data security and access control technologies.
Experience with microservices architecture, development, deployment and testing.
Proficiency in at least one cloud language (GO, Java or Python)
Industry leading technical knowledge of at least two of: application security, system security, network security, authentication/authorization protocols, or cryptography. Hands-on experience in at least one of the above.
Competency in platforms such as Kubernetes.
Competency with code and load testing tools such as JMeter is desirable but not mandatory.
Strong sense of teamwork and putting team's interests first is desirable.
Hours: 8:00 am to 5:00 pm
- Intrusion Detection And Prevention
- Network Security
- Microsoft Antivirus
- Public Key Infrastructure