Cloud Security Engineer

Role:                 Cloud Security Engineer

Company:         Pearson

Division:           English Language Learning

Location:          Madrid, Spain (Remote or Hybrid*)

About Pearson: Our purpose: At Pearson we ‘add life to a lifetime of learning’ so everyone can realise the life they imagine. We do this by creating vibrant and enriching learning experiences designed for real-life impact. Pearson was founded in 1844 and has been built on our ability to grow with and adapt to a constantly evolving market. Our 20,000+ employees are dedicated to creating the high-quality, digital-first, accessible and sustainable resources for lifelong learning. 

About English Language Learning (ELL): We aspire to become the world's leading destination to learn and improve English language skills. Our focus is on committed learners from around the world, who are motivated by outcomes because they want to reach their full potential through learning English.   

About the role: Are you passionate about planning, implementing, upgrading, or monitor security measures for the protection of Company systems?  We are thrilled to announce a great opportunity to join our team as a Cloud Security Engineer. As a member of the cloud security team, you will be responsible for maintaining and elevating the security across our environments. The main goal of this role is to reduce risk while allowing the business to operate quickly, safely, and efficiently. If you are motivated about cloud security operations, this could be the ideal role for you. 

As a Cloud Security Engineer, you will be responsible for ensuring the security of cloud-based infrastructures and applications within Pearson organization. Your primary focus will be on implementing and maintaining security measures to protect our cloud environments and products according to security regulations and guidelines. You will work closely with international cross-functional teams to integrate and implement security best practices into cloud-based solutions and ensure compliance with industry standards and regulations.

Key Accountabilities 

• Well versed with Cloud Security standards, SDLC and DevSecOps processes and tools.
• Serve as a subject matter expert for security for applications and processes.
• Be the single point of contact for Security Central team.
• Collaborate with security leadership, engineering, and compliance to execute security strategies. Evaluate new technologies and tools that will impact organization security. Explore new threats, attack methods, and techniques.
• Assess our current cloud security and propose improvements or solutions across Pearson infrastructure to prevent potential threats for ELL.
• Assist other teams in solving security issues in a manner that complies with business requirements and best practices.
• Drive adoption of security and privacy policies and procedures across ELL products.
• Provide, when required, security training and guidance for developer teams.
• Review existing applications and software to identify security improvements. Monitor system activities, logs, and alerts.
• Collaborate with CISO organisation in developing and refining product security best practises.
• Maintain documentation of application security controls
• Perform application vulnerability assessments and evaluations.
• Provide guidance and oversight for the correction of discovered vulnerabilities.
• Provide DevOps with security oversight and design guidance.
• Integrate security into the development lifecycle of software (SDLC)
• Identify application logs that should be monitored by SIEM and ensure logs are being sent to SIEM

Experience, Skills, and Knowledge:  

• Most important skill: self-drive, proactiveness, and passion for work. We are building a vibrant team and these attributes are essential!
• Previous experience working in an application security role.
• Good experience in DevSecOps processes.
• Thorough understanding of cloud and network security and web protocols.
• Knowledge of modern cloud technology components and deployment patterns
• Experience deploying services in a multi-cloud environment – AWS, GCP, Azure.
• Experience using security tools such as: Snyk, Insight AppSec (Rapid7), Qualys Guard, Insight Cloud Sec (Divvy Cloud ), Irius Risk.
• Vulnerability scanners, static analysers, IDS/IPS, firewalls, and endpoint security monitoring.
• Experience developing software with object-oriented languages.
• Experience with database programming and administration.
• Experience with log management and/or correlation systems.
• Fluent in one or more programming or scripting language.
• Knowledge of secure development lifecycle principles.
• Strong analytical problem-solving skills.
• Communication skills, being able to elevate the work to senior management and influence senior stakeholders.

Our Benefits: 

• 24 Days annual leave (increasing by 1 day with every 2 years of continuous service up to 30 days) 
• Life insurance 
• Food & Transport Allowance 
• Flexible work schedule 
• Discounts on books and access to digital content and other development and training 
• International environment

*If you live in Madrid, you will be able to enjoy our brand-new office because we a have a remote / hybrid working model policy in place!

Diversity: At Pearson we value the power of an inclusive culture and a strong sense of belonging. We promote a culture where differences are embraced as strengths and opportunities are equal and accessible.

Flexible working: Pearson is committed to hybrid working practices and has adopted flexible remote and virtual working. Where possible our employees can choose to manage their attendance to the office more flexibly.

How to apply: Thank you for your interest in applying for a role at Pearson. Please submit an updated CV and cover letter (optional) in English. If you have any additional questions or require further information, please do not hesitate to reach out to us.

We look forward to receiving your application - Pearson Recruitment