Cloud Security Architect

Overview:

• We are a leading AI-driven Global Supply Chain Solutions Software Product Company and one of Glassdoor’s “Best Places To Work”.
• Application Security Engineer mission is to create an end-to-end to end security architecture based on Secure By Design principles and responsible for performing and determining the technology that is implemented within the application security team.
• Provide strategic direction and subject matter expertise for wide adoption of DevSecOps automation tools, Cryptography and manual source code reviews across open source.

Scope:

Blue Yonder Cybersecurity team is seeking a Cloud Security Architect. The Cloud Security Architect is responsible for leading the development and delivery of cloud security architecture that aligns with enterprise security architecture and ensuring risk optimized cloud workloads. The primary areas of focus for the Cloud Security Architect are to partner closely with Cloud teams in developing Cloud risk management strategy, assess current posture, and drive remediation. This candidate will be closely partnering with internal security teams and stakeholders to deliver consistent security posture across our private and public cloud workloads.

What you’ll do:

• Develop and manage the Blue Yonder’s cloud security strategy aligned with business goals and compliance requirements.
• Partner with business and technical team members to develop requirement definitions, solution design and technical architecture and delivery.
• Collaborate with customer stakeholders to identify and mitigate risks, perform security reviews, design top tier security practices, and deliver strategic, innovative cloud-based security offerings.
• Develop and manage policies, procedures, and standards to enforce consistent security practices across Blue Yonder.
• Develop and implement data security strategies.
• Identify cloud risks and vulnerabilities and develop strategies to mitigate them effectively across PaaS, IaaS, SaaS, and hybrid cloud workloads.
• Provide technical guidance and oversight during the implementation of cloud security solution. Support implementation of the service by providing hands-on support.
• Assist clients with transitions to the Cloud from existing on-premises environments.
• Lead the Cloud Security Infrastructure Design and Architecture on client engagements.
• Ensure security solutions comply with relevant regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) and industry standards (e.g., NIST, ISO/IEC).
• Integrate services with security capabilities in other domains.
• Develop and generate KRI/KPIs for the service.
• Maintain alignment with threat landscape and industry trends.
• Assess maturity and develop continuous improvement plans for the service.
• Participate in security architecture reviews and design discussions to embed the risk optimized controls.
• Partner with enterprise architecture and application development team to enhance the security of the products.
• Collaborate with GRC team and connected stakeholders to manage the identified risk and remediation activities.

What we are looking for:

• A master’s or bachelor’s degree in cybersecurity, computer Science, or related field
• 10+ years of information technology and/or information security experience with 5+ years in an engineering role designing and supporting public clouds (Ideally Azure)
• Proficiency in Cloud Security Posture Management (CSPM), Container Security, Cloud Access Security Broker (CASB), Web Application Firewall (WAF) and IDS/IPS.
• Proven experience in implementing consistent security posture across multiple cloud providers.
• Direct experience designing and developing cloud-native solutions on Azure.
• Experience working with Microsoft Purview, and DLP implementation.
• Experience with secure software development, data protection, cryptography, key management, network security (VPNs, FWs, WAF) within cloud environments.
• Deep understanding of Zero trust security models.
• Experience in identifying, assessing security risks, and implementing risk mitigation strategies.
• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Microsoft Cybersecurity Architect or equivalent.
• Familiarity with security frameworks such as NIST-CSF, and CIS controls.
• Understanding of regulatory requirements such as GDPR, HIPAA, SOX and experience implementing controls to ensure compliance.
• Excellent written and oral communication skills.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.