Cloudblue: Security Engineer

Position at CloudBlue

CloudBlue is the world’s largest cloud platform provider, enabling any business to provide cloud solutions to anyone. We are committed to helping our partners drive new ways of doing business with an infinite ecosystem of cloud solutions, platform technology, enablement programs and relationships with the biggest players in the cloud industry.

CloudBlue is the only cloud commerce engine with a proven hyper-scale digital platform, and today powers the world’s largest service provider marketplaces, totaling more than 30 million seats globally. With a pulse on IoT, security, XaaS, IaaS technologies, and more, we invite visionaries to make an impact on this fast-growing industry. Our CloudBlue commerce platform enables companies to rapidly increase their level of success in the cloud market by building, scaling and monetizing services.

How do you stand out?

By having knowledge of SaaS and PaaS and previous experience in eCommerce management, by thriving in a “startup-like” environment and being excited about the impact you will make. Our office is in the North of Spain and has an agile, young and talented environment, with a solid career plan in one of the top cloud companies all over the world.

Requirements

Key Responsibilities

• Active monitoring and responding to security events and incidents escalating as required for remediation
• Contribute to improving the security monitoring systems and tools to reduce false-positives and more accurately and quickly identifying security events and remediating them
• Assisting the Security team with compliance audit activities
• Creating, updating, maintaining, and contributing feedback to documentation of policies, processes, procedures, and training material
• Training and coaching of security policies, processes, procedures, best practices, awareness, and other such trainings to internal staff
• Keeping abreast with the latest vulnerabilities, attacks, and security tools to stay current with security trends and risks
• Shift work, on call, and after-hours availability as required

This position is perfect if you have:

• Experience with actively monitoring and providing feedback about security trends and risks as they relate to business systems, policies, processes and infrastructure
• Knowledgeable in security threat remediation, incident response, patch management compliance and reporting
• Developed and maintained documentation that support efficient security operations
• Operational experience with security controls, driving remediation required, performing root cause analysis and implementing continuous improvement process opportunities
• Monitor and report on the implementation of intrusion detection, firewall policies and malware software
• Maintain up-to-date knowledge and understanding of information security threats, vulnerabilities, practices, principles and solutions

Knowledge/Experience:

• Intermediate-level knowledge in one or more specific technical areas, such as development, network/cloud security, malware detection/analysis, threat intelligence, cryptography, vulnerability management, incident response, forensics, social engineering, or hacking techniques
• Implementing and managing IDM solutions for internal and customer facing platforms
• Source code control and security best practices in a development environment
• Implementing and managing endpoint security controls and best practices in an enterprise environment
• Understanding of IT security industry standards (i.e. NIST; ISO-27001; OWASP; SANS)
• Minimum of 1-2 years cumulative hands-on security, privacy and compliance experience
• Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concern
• Experience with established and/or emerging compliance programs preferred (GDPR, CCPA, etc.)
• Monitor and report on the implementation of intrusion detection, firewall policies and malware software
• Designing and implementing security policies and practices on Cloud environments including Azure, AWS, GCP

Experience within a 24x7 production environment, preferably across multiple data centers and 3rd party cloud environments

Nice to have:

• Professional certifications in the security, privacy, risk management and audit areas highly desirable, such as: CISSP, CISA, CCSP, CEH, CompTIA Security+, PCIP