Lead, Cloud Security Engineer

Lead, Cloud Security Engineer

Plantation FL or Remote

Job Description

The Lead Cloud Security Engineer is the team leader for all Cloud Security initiatives.  He will provide technical security guidance and leadership with cloud security design, operations, and/or service orchestration.   This  individual is responsible for helping develop various security technologies and infrastructure in alignment with the security program, including but not limited to access control, identity management, regulatory compliance (SOX, PCI), privacy (GBPR, CCPA), network technologies, cryptography and operations. This position will execute information security processes and procedures in support of all businesses within the company. This role identifies security gaps, develops controls, determines functional and non-functional security requirements and designs solutions that meet business objectives while complying with security standards to achieve Security-by-Design principles based on the needs of the business and organizational security requirements.

This position reports directly to the Sr. Manager, Information Security and Compliance.

Responsibilities

• Manage and lead security projects and/or initiatives.
• Create and develop, design, build, deploy and support secure and well-orchestrated automated security solutions in the cloud using standard toolsets.
• Develop technology platforms and infrastructures in alignment with Magic Leap security standards and strategic roadmaps.
• Provide technical support for security initiatives involving security infrastructures, frameworks, methodologies, and/or platforms.
• Participate and recommend gap remediate efforts in regards to Information Security.
• Manage and lead security reviews of security infrastructures, frameworks, methodologies, and/or platforms and produce detailed documentation.
• Provide security engineering recommendations and guidance to stakeholders.
• Assist with security incidents that Magic Leap may face in alignment with our incident response plan
• Participate in the testing of security solutions and report observations to Security Management.
• Provide mentorship to security engineers and security analysts.
• Educate peers, security personnel, and other security staff about security infrastructures, frameworks, methodologies, and/or platforms.
• Support information security implementations & promote information security policy enforcement throughout Magic Leap.
• Investigate the potential impact of technologies and communicate findings to Security Management.
• Develop secure standards, requirements, diagrams, and/or documents for security infrastructures, frameworks, methodologies, and/or platforms needs.
• Reviews technical solutions and makes recommendations in alignment with Assurant security requirements.
• Collaborate with various security teams on infrastructures, frameworks, methodologies, and/or platforms needs.

Required Skills

• 7 years of experience in the IT field, information security, security event monitoring, incident response, eDiscovery forensic, infrastructure administration, compliance, security administration, audit and/or risk. 
• 5+ years cloud infrastructure operations or information security experience
• Experience with Security best practices and Cloud security governance.
• Deep understanding of cloud security controls.
• Experience designing, developing, deploying and suporting IT security principles, frameworks and tools like NIST, CIS, OWASP top 10, SANS top 25.
• Deep knowledge of Cloud infrastructure, network and security layers.
• Experience in various scripting and programming languages (Python, Bash etc.)
• Experience with the AWS CLI, Gcloud CLI.
• Experience with DevSecOps practices. Including experience with CI/CD.
• Experience with containers (Docker, ECS, Kubernetes)
• Understand Linux, Windows and Mac environments.
• Experience with web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten
• Understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies
• Experience with information security investigations and forensics. Strong experience in Penetration Testing and tools
• Previous experience supporting legal, regulatory and industry security requirements and frameworks. Including, but not limited to the following: International Organization for Standards (ISO/IEC 27001) & Payment Card Industry - Data Security Standards (PCI - DSS).

Qualifications

• Cloud security lead who is able to manage all cloud information security efforts to work effectively at all levels of an organization with the ability to influence others to move toward consensus
• Customer-focused team lead with a demonstrated skills in managing expectations, providing proactive status updates for a team of security engineers, and producing high-quality work products
• Highly self-motivated, strong attention to detail, with strong analytical and problem-solving skills
• Strong verbal and written communication skills
• Strong interpersonal and conflict management skills

Education

• Bachelor’s degree in Information Systems or related degree, or equivalent job experience
• At least two industry standard certifications such as GSEC, Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or other security vendor certification.

Additional Information:

All your information will be kept confidential according to Equal Employment

#LI-Remote