Security Engineer

Job Description:

Responsibilities:

• Design, implement, and maintain security controls for our cloud infrastructure, with a focus on Azure, encompassing both AKS and serverless environments.
• Secure our Azure Kubernetes Service (AKS) environment, including ingress/egress controls, service mesh security, and identity management.
• Secure our serverless environment, including Web Apps, Function Apps, and related Azure services.
• Implement and manage Azure Front Door for web application security and traffic management.
• Configure and maintain Web Application Firewalls (WAFs) and Application Gateways.
• Implement and manage network segmentation strategies, firewalls, and proxies, considering both AKS and serverless architectures.
• Integrate Okta for identity and access management, including claim-based authorization, across all application environments.
• Champion DevSecOps practices and promote a "shift-left" security culture within the engineering teams.
• Work hand-in-glove with our development teams to drive the proper implementation of OWASP principles
• Drive both front-end and back-end security best practices, and their adoption within our applications
• Develop and maintain security documentation, policies, and procedures.
• Respond to security incidents and participate in incident response activities.
• Stay up-to-date with the latest security threats, vulnerabilities, and best practices, specifically related to containerized and serverless architectures.
• Collaborate with engineering, operations, and other teams to ensure security is integrated throughout the software development lifecycle.
• Coordinate security testing activities, working with dedicated security testing resources or teams. This includes defining scope, reviewing results, and driving remediation efforts.
• Ensure secure Infrastructure as Code (IaC) practices are followed for all deployments, including security scanning and validation of IaC templates.

Required Skills and Qualifications:

• Network Security: Solid understanding of network segregation, WAFs, App Gateways, Proxies, and Firewalls.
• Application Security & DevSecOps: Good understanding of application security and DevSecOps principles, including the "shift-left" culture.
• Security & Privacy Principles: Good understanding of security and privacy principles, secure standards, and RFCs.
• Azure Cloud Platform Experience: Hands-on experience with the Azure cloud platform and its security services.
• Azure Kubernetes Service (AKS) Security: Specific experience securing Azure Kubernetes Service (AKS) environments, including ingress/egress, service mesh, and identity management.
• Container and Kubernetes Security: Experience securing containerized applications and Kubernetes deployments, including conducting threat modeling exercises to identify and prioritize security risks.
• Serverless Application Security: Experience securing serverless applications, including Web Apps and Function Apps.
• Foundational Azure Services: Experience with Azure Resource Groups, Virtual Networks, and other foundational Azure services.
• Security Best Practices: Knowledge of security best practices for containerized applications, microservices, and serverless functions.
• Problem-Solving Skills: Strong problem-solving and analytical skills.
• Communication Skills: Excellent communication and collaboration skills.
• Education: Bachelor’s degree in computer science, Information Security, or a related field.

Preferred Qualifications:

• Cloud Security Certifications: Azure AZ-500 or other relevant cloud security certifications.
• Advanced Security Certifications: OSCP, OSCE, CREST, CISSP, or other recognized security certifications.
• Infrastructure as Code (IaC) Security Expertise: Deep understanding of IaC and its security implications, including experience with secure IaC practices and tools.
• Application Security Testing Experience: Hands-on experience with various application security testing methodologies (SAST, DAST, IAST, penetration testing) and tools.
• Automated Security Testing: Experience implementing and managing automated security testing within a CI/CD pipeline, covering DevSecOps practices.
• Identity and Access Management (IAM): Proficiency in implementing and managing Okta for identity and access management, including claim-based authorization.
• Agile Experience: Proven experience working in an Agile environment.
• Scripting and Automation: Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for security automation and orchestration.
• Security Tooling: Familiarity with various security tools, such as vulnerability scanners, SIEM systems, and intrusion detection/prevention systems.

Location:

Brand:

Time Type:

Contract Type: