Cloud Security Engineer

Job Description

The InfoSec team is responsible for finding and solving the biggest security risks facing our infrastructure. As an engineering team ourselves, we do this by building paved roads and guardrails. We believe that the secure option should also be the easiest option for our users. We’re looking for a strong engineer with a deep understanding of securing infrastructure and services in a Cloud-native world to help us execute this vision. 

You will: 

• With a focus on AWS, build the security components of the next phase of ATPCOs Cloud infrastructure, shaping how we use it for years to come. 
• Build automation to help us discover, measure, and contextualize security issues. 
• Partner with platform teams to deliver solutions that permanently solve entire categories of security risk. 
• Drive implementation and education of security best practices 

The Ideal Candidate: 

• Has strong AWS infrastructure security architecture experience 
• Tactfully makes recommendations and influence decisions 
• Communicates complex ideas and plans clearly both orally and in writing to technical and non-technical staff 
• Collaborates with dependent teams to develop cloud security standards and verify controls are implemented for hardening infrastructure, hardening infrastructure as code, hardening CI/CD pipelines, and hardening containers 
• Has experience implementing Cloud security posture management, workload protection, and cloud-native application protection platform tools (e.g. AWS Security Hub, Defender for Cloud, Prisma Cloud, Wiz.io, Orca, etc) 
• Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data and web-based systems. 
• Engages with internal stakeholders and vendors on system architecture to resolve misconfigurations. 
• Participates in network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. 
• Has strong analytical, technical, and organizational skills to include strong attention to detail. 
• Participates in penetration testing and vulnerability assessments of applications, operating systems and/or networks. 
• Responds to cybersecurity breaches, identifies intrusions, and isolates, blocks and removes unauthorized access. Researches and evaluates cybersecurity threats and performs root cause analysis. 
• Establishes, maintains, and reports upon metrics around overall security posture. 

Preferred Skills: 

• Prior systems security experience in a distributed, multi-Cloud hybrid environment with a focus on AWS. 
• Experience with scripting in JSON, Python, YAML, CloudFormation, Terraform,  PowerShell, etc.  
• Solid understanding of corporate and regulatory policies/standards and industry best-practices for Information Security 
• Strong vulnerability management and architecture experience 
• Experience with configuration of cloud and platform technologies (AWS, Kubernetes, Dockers, Linux, Windows) 
• Strong interpersonal skills and ability to work collaboratively in a dynamic cross-team environment. 
• Excellent technical documentation skills. 
• Experience with product management tools and practices, can interface directly with product teams to assign work/influence backlog for security needs 
• Ability to articulate security control-level concerns to both technical and non-technical audience 
• Industry certifications. 

Additional Information

ATPCO is the foundation of flight shopping, providing pricing and retailing data, tools, and services to 500+ airlines, global distribution systems, sales channels, and technology companies. ATPCO links the entire airline community together, collaborating to develop industry standards for airline distribution and end-to-end technology solutions. From shopping to settlement, ATPCO solutions work seamlessly across existing, new, and evolving technologies and methods. Airline-owned and reliably supporting air travel for more than 55 years, ATPCO is everywhere people buy flights.