KEY RESPONSIBILITIES:
- Work with a team of Product DevOps/SecOps Engineers to architect and secure AWS applications.
- Ensure compliance and security of public cloud properties.
- Create secure design patterns and libraries for cloud applications in areas such as data protection, key management, authentication, and authorization.
- Develop standards, policies, procedures, and best-practices documentation.
- Translate security and technical requirements into business requirements and communicate security risks to different audiences ranging from business leaders to engineers.
- Work closely with application developers and system administrators to deliver secure solutions to complex technology challenges and business requirements.
- Share lessons learned, initial indicators of detection, and opportunities for strengthening systems and applications with management.
- Collect information from a wide variety of sources and aggregate the data relevant to the Hertz security environment.
- Act as a security liaison and present security architecture along with Application Teams in periodic Architecture Review Board meetings.
REQUIREMENTS:
- Bachelor's degree in Computer Science, MIS, or related field.
- 5+ years of Information Security experience required, preferably in a global Fortune 500 corporation.
- Knowledge of the OWASP Top 10 and the ability to identify vulnerabilities and possible exploits and to provide remediation guidance.
- Strong experience with Amazon EKS – Amazon Kubernetes Service
- Strong understanding of modern deployment tools like Jenkins, Git, Docker
- Utilize cloud-based APIs when appropriate to write network/system level tools for securing cloud environments
- Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
- Experience in testing web-based APIs (i.e., REST, SOAP, XML, JSON) and AWS Serverless applications.
- Application or system hardening, Security Testing / Penetration Testing, Fuzzing, Cloud security.
- Hands-on experience performing threat modeling, including STRIDE and PASTA methodologies
- Familiarity with MITRE ATT&CK Enterprise Matrix and MITRE D3FEND
- Excellent written and oral communication skills in English
- Well versed in a variety of development languages, protocols, code repositories, and application security testing platforms.
- Certifications desired: AWS Cloud Practitioner, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Security Essentials Certifications, GIAC Certified Intrusion Analyst, Global Information Assurance Certification, Forensics certifications.