About the job Cloud Security Incidents Engineer
Job Type
Full Time
General Description
Responsible for analysis, design and implementation coordination for tool and service designs within the cloud security & identity domain. Securing software built and maintained by Popular. Work closely with in-house software development teams and vendors/third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications. In addition to securing software, will be expected to understand cloud computing principles, including virtualization, containerization, microservices and serverless computing. Risk management, security, container security, Kubernetes security, IAM security, network security, encryption, secrets management, data protection & securing CI/CD. Its key to maintain industry and cyber knowledge to optimize and align Populars application security processes and systems throughout the Software Development Lifecycle.
Essential Duties and Responsibilities
- Complete hands-on experience with Terraform, Packer, Ansible, Json for hardening images and CI/CD pipelines.
- Deep knowledge of securing APIs and Microservices platform
- Hands on experience with IAM Policy as code; OPA (Open Policy Agent); Cedar AWS opensource policy agent
- Expertise in Dev-Ops, CI/CD, and full life cycle management
- Experience working in DevSecOps, including knowledge and experience enforcing a secure software development lifecycle. (Github, Gitlab, Jenkins ,Ansible, Chef,Puppet)
- Experience using scripting languages (Python, Powershell, Bash etc.) to parse machine generated data, interact with REST APIs, and automate repetitive tasks.
- Identify solutions for common security problems while participating as a security specialist in an agile Application Security team.
- Work on security reviews, building relationships with software architects, developers, and engineers.
- Design and develop accelerators, security APIs, pipeline security automation.
- Developing and embedding secure design patterns, coding standards, education, and culture into the development community.
- Build, deploy, and automate comprehensive application security testing capabilities.
- Application security assessments, including code reviews, architecture reviews, threat modeling, and penetration testing.
- Act as an advocate and resource for secure software development and application security practices in all application life cycle phases.
- Promote API security design principles and perform API security reviews.
- Assists cyber incident triage, including determining scope, urgency, and potential impact, identifying the application code's specific vulnerability. Makes recommendations that enable expeditious remediation.
Education
Bachelor's degree in computer science, computer engineering, information systems, software engineering, or related field.
Experience
- 5 (five) years of experience working in security aspects of software engineering in a complex technology environment.
Certifications and Licenses
The following Certifications and Licenses are preferred but no required:
- CISSP, CISM, and AWS.
Knowledge, Skills, and Abilities (KSA'S)
- Strong business acumen: ability to understand the needs and concerns of business stakeholders and colleagues and respond promptly and effectively to stakeholder requests. Ability to conduct analysis on work procedures, business results and recommends changes to improve the effectiveness of the business's management.
- Strong technical acumen: knowledge of Information Security and Information Technology concepts. Ability to write technical instructions using programs and technology. Robust knowledge of applicable local and federal laws, regulations, and guidelines.
- Communication skills: effectively interact with internal and external stakeholders. Ability to foster trusting relationships with colleagues and clients. Highly develop written and verbal communications skills, strong ability to communicate ideas (storytelling). Presents numerical data effectively. Superior communication and interpersonal skills. Excellent report-writing and presentation skills. Polished in preparing presentations, summaries, and reports for all audiences.
- Analytical skills: Stays focused on main issues, prevents irrelevant issues or distractions from interfering with timely completion of assignments. Collects, research and complements data; Synthesizes complex or diverse information. Demonstrates attention to detail; Applies design principles; Generate creative solutions. Strong quantitative, research and analytical skills. Experience with data analysis, persuasive and informative writing, workload management, and process management.
- Problem Solving: Identifies and resolves problems in a timely manner; Develops alternative solutions.
- Project Management: Ability to prioritize and work with multiple projects and tasks with minimum supervision; self-direct and task switch between strategic and tactical initiatives regularly. Capacity to achieve results according to plan ensuring the expected quality. Excellent organization capacity to define priorities, meet deadlines, and flexible to change. Knowledge on project coordination, identification of business needs, work plan, budget control, time management, resource allocation, team management and status reports. Must demonstrate leadership, logic, and reasoning skills.
- Operational/Regulations Processes: Knowledge on budget administration, resources allocation, organizations policies, and regulations. Ability to establish, conduct and track operational processes properly.
- Computer and Technological Skills: Proficient in MS Office 365. Experience with data management tools such as Power Pivot, Power BI, among others is desired. Ability to achieve results by providing innovative ways of working with operational and technological considerations. Knowledge of computer flow charts and programming logic and codes.