Senior Cloud and Application Security Engineer
Chicago, IL, US, 60606
Applications have closed
Ryan Specialty
Ryan Specialty is an international specialty insurance firm that provides innovative solutions for brokers, agents and insurance carriers.Ryan Specialty is looking for a Senior Cloud and Application Security Engineer to join our Chicago, IL team. We are a fast paced, energetic and rapidly growing organization that offers a great opportunity for someone interested in further developing their career. Ryan Specialty has been named one of America’s Most Loved Workplaces by Newsweek, and has been named 2023 Top Insurance Employer by Insurance Business America.
Position Summary:
We are seeking a proactive and collaborative Senior Cloud and Application Security Engineer to integrate security measures into every phase of our cloud and application development lifecycle. The ideal candidate will champion security best practices and foster a culture of security awareness within the organization. Responsibilities include developing automated security solutions to enhance efficiency and response capabilities, designing and managing security protocols for cloud infrastructure, and enforcing security guidelines for Infrastructure as Code (IaC). The role requires securing containerized environments, partnering with DevOps for CI/CD pipeline security, and leading security initiatives alongside the Senior Application Security Engineer. The Senior Cloud and Application Security Engineer will also maintain application security standards, stay updated on emerging security threats, and proactively investigate potential risks. An action-oriented mindset and strong relationship-building skills are essential to drive information security forward effectively.
Essential Functions:
- Collaborate with IT, development, and operations teams to embed security into every aspect of the cloud and application security lifecycle
- Advocate for security best practices, raising awareness and driving a security-first culture across the organization
- Develop and implement automated security solutions to streamline security processes, improve efficiency, and enhance response capabilities
- Collaborate with architecture and IT to design, implement, and manage security measures for our cloud environments
- Develop and enforce security best practices for Infrastructure as Code (IaC) to ensure secure deployment and configuration management
- Secure containerized environments, including Docker and Kubernetes, and ensure compliance with security benchmarks
- Partner with DevOps teams to integrate security into the CI/CD pipeline for container deployment and management
- Along with the Senior Application Security Engineer, lead application security initiatives, including secure code reviews, vulnerability assessments, and web application penetration testing
- Develop and maintain application security standards and guidelines, ensuring they are integrated into the software development lifecycle
- Stay abreast of the latest security threats, trends, and technologies, especially in cloud, IaC, and container environments
- Proactively identify and investigate security threats by analyzing security logs, conducting threat hunting exercises, and implementing advanced detection mechanisms
- Continuously evaluate and improve security tools and processes to address evolving security
- Be action oriented, demonstrating high energy and an action-oriented approach to challenging work tasks, with a willingness to act swiftly and with minimal planning when opportunities arise.
- Build strong peer relationships by finding common ground and fostering problem-solving for mutual benefit, advocating for information security interests while remaining equitable to other groups, promoting teamwork and cooperation, and maintaining open and honest communication with colleagues.
Education/Experience/Skills:
- Bachelor’s degree in computer science/Engineering/Information Security preferred.
- Minimum of 7 years’ experience in Information Security within cloud-native or SaaS technology environments
- Proficiency in cloud platforms such as AWS, Azure, and GCP, container orchestration tools (Kubernetes, Docker), and Infrastructure as Code (Terraform, Ansible)
- Experience in application security practices and tools, including static/dynamic analysis and familiarity with OWASP standards
- Strong analytical, problem-solving, and communication skills
- Ability to work collaboratively in a dynamic environment
- 3-5 years of hands-on experience securing Infrastructure as Code, Application Security, and Policy as Code (PaC) using coding languages such as Python, Go, JavaScript, or YAML
- Minimum two years of experience automating and scaling CIS benchmarks or equivalent standards
- Extensive experience writing technical and business-friendly security documentation
- Strong written and verbal communication skills in English
- Professional certifications such as Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) are highly desirable
Disclaimer
Ryan Specialty is an Equal Opportunity Employer.We are committed to building, growing, and sustaining a diverse workforce that is reflective of society throughout the entirety of the organization and throughout the insurance industry.We aspire to cultivate a company that is both inclusive and equitable, where every employee is recognized and assessed based on their performance and contributions.We strive to harness our differences and commonalities to better serve our clients, trading partners, workforce, and communities.* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Ansible Application security AWS Azure CCSP CI/CD CISSP Cloud Compliance Computer Science DevOps Docker GCP JavaScript Kubernetes OWASP Pentesting Python SaaS SDLC Terraform
Perks/benefits: Career development Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Cloud Security Architect jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open IT Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Manager Pentest H/F jobs
- Open Security Operations Analyst jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Network Security Engineer jobs
- Open Information Security Architect jobs
- Open C-related jobs
- Open CISM-related jobs
- Open Risk assessment-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open DoD-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open Splunk-related jobs
- Open IDS-related jobs
- Open IPS-related jobs
- Open Kubernetes-related jobs