Information Security Senior Engineer

QUALIFICATIONS:

• Strategic Oversight:
  • Design and implement a comprehensive application security strategy aligned with organizational goals and industry standards (e.g., NIST CSF, NIST 800-53, CSA CCM).
  • Lead the evaluation and adoption of cutting-edge security tools and methodologies to address emerging threats (e.g., AI-driven attacks, supply chain vulnerabilities).
• Technical Leadership:
  • Be a technical subject matter expert (SME) responsible for Azure, AWS, GCP, Oracle, OpenShift, container, and general cloud security capabilities such as identity & access, data protection, security controls and compliance, vulnerability management, threat detection and response, and logging/monitoring.
  • Deploy, configure, and maintain cloud & container security tools and technologies to monitor, detect, and prevent data leakage or unauthorized data transfers.
  • Design and build automations and playbooks to assist with and improve the efficiency of response to detections from relevant technical tools.
  • Conduct regular assessments to identify gaps in cloud and container security controls, processes, and systems and propose security enhancements to mitigate risks.
  • Develop cloud and container security policies and technologies to address data leakage.
  • Conduct RFP’s, assess, and evaluate cloud/container security tools for utilization within the organization.
  • Collaborate with technology and application owners for onboarding of cloud/container technologies to enhance the SSDLC (Secure Software Development Life Cycle)
  • Collaborate with the CSIRT (Computer Security Incident Response Team) and Security Engineering team to expand and mature detections.
  • Collaborate within the SOC and across IT to mature SOC playbooks, alerting, processes, and Incident Response actions.
  • Lead and facilitate the creation of compliance automation and policy-as-code to streamline cloud governance in partnership with technology and application owners.
• Collaboration and Mentorship:
  • Partner with engineering, Cloud teams, DevOps, and product teams to embed security into all phases of cloud implementation, advocating for security culture.
  • Collaborate with technology and application owners to establish and agree upon secure deployment standards.
  • Mentor and train junior security engineers and developers on secure cloud practices, threat modeling, and vulnerability remediation.
• Incident Management:
  • Support incident response efforts for cloud-related security incidents, coordinating with cross-functional teams to contain, analyze, and resolve incidents.
  • Develop post-incident reports and recommend long-term preventive measures to senior leadership.
• Compliance and Governance:
  • Ensure applications comply with regulatory requirements (e.g., CMMC, GDPR, SOC, PCI-DSS) and prepare for audits by maintaining robust documentation.
  • Establish and enforce application security policies, standards, and KPIs to measure program effectiveness.
• Research and Innovation:
  • Stay ahead of evolving threats by researching new attack vectors (e.g., zero-day exploits, API vulnerabilities) and proactively updating security controls.
  • Represent the organization in industry forums, contributing to thought leadership on application security trends.

The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:

• Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
• Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
• Paid Time Off: PTO & Holidays, Parental Leave, Sick Leave, Military Leave, Bereavement
• Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program

World Wide Technology is an Equal Opportunity Employer. We strive to create an environment where all employees are empowered to succeed based on their skills, performance, and dedication. Our goal is to cultivate a culture of belonging that encourages innovation, collaboration, and respect for all team members, ensuring that WWT remains a great place to work for All!

Preferred locations: MO, FL, NC, TX, AZ, IL, MA, VA, AL, LA, GA, MN, OH, MI, WI, IA, SC

#LI-EG1

#LI-REMOTE

Sr. Security Engineer

Why WWT?

Founded in 1990, World Wide Technology (WWT), a global technology solutions provider leading the AI and Digital Revolution, with $20 billion in annual revenue, combines the power of strategy, execution and partnership to accelerate digital transformational outcomes for large public and private organizations around the world. Through its Advanced Technology Center, a collaborative ecosystem of the world's most advanced hardware and software solutions, WWT helps customers and partners conceptualize, test and validate innovative technology solutions for the best business outcomes and then deploys them at scale through its global warehousing, distribution and integration capabilities.

With over 10,000 employees and more than 55 locations around the world, WWT's culture, built on a set of core values and established leadership philosophies, has been recognized 13 years in a row by Fortune and Great Place to Work® for its unique blend of determination, innovation and creating a great place to work for all.

Want to work with highly motivated individuals on high-performance teams? Join WWT today!

What is the Internal WWT IT Team and why join? 

The Internal WWT IT team is the backbone of our company’s technological infrastructure, ensuring seamless operations and continuous innovation. Our team is dedicated to managing and supporting the company’s technology infrastructure, ensuring the smooth operation of hardware, software, networks, and data systems, while providing top-notch technical support to employees. 

By joining the Internal WWT IT team, you will play a crucial role in maintaining the efficiency and security of our IT environment, enabling the company to achieve its strategic goals. The Internal IT team offers the opportunity to work in a dynamic and collaborative environment, where your contributions will have a direct impact on the company's success. If you are passionate about technology and eager to take on new challenges, we encourage you to apply and join our team.

What will you be doing?

The WWT Information Security (InfoSec) team is currently searching for an Information Security Engineer to join the Security Engineering Team. As a member of the team, you will be responsible for implementing and maintaining the tools and capabilities used to ensure the security and protection of cloud and container environments within our organization. You will also assist in identifying and investigating data loss events, insider threat events, collaborating with the Security Operations Center, Legal, Compliance, and Corporate Security teams to mitigate threats, and engaging with senior team members to perform response actions.

Responsibilities:

As a Senior Security Engineer, you will lead the design, implementation, and maintenance of critical information security systems and services managed by the team. This role involves managing complex IT projects, ensuring the security and efficiency of IT systems, and providing technical guidance to junior engineers. The Senior Security Engineer will collaborate with various departments to develop and implement technology solutions that align with business objectives. Key responsibilities include system architecture, systems management, cloud services, and cybersecurity. Strong problem-solving skills, excellent communication, and a deep understanding of industry best practices are essential for this role.

As an engineer on the Internal IT team, WWT will offer you the ability to work with state-of-the-art technology and be on the front of leading-edge technical solutions in an organization driven by innovation.

The Sr. Security Engineer position is critical for protecting organizational assets by ensuring compliance with internal policies and standards, contractual agreements, relevant legal and regulatory requirements, and recommending improvements to strengthen the organization's internal control structure. This position develops and implements risk management policies, procedures, and frameworks in alignment with industry standards and best practices to identify, assess, and mitigate potential risks across the organization and serves as a consultant within InfoSec, other internal departments, and the procurement of products and services.

Senior Security Engineer Essential Functions:

• System Maintenance and Support: Ensuring the smooth operation of information security systems by performing regular maintenance, updates, and troubleshooting issues as they arise
• Providing Technical Support: Assist the team within coming INCs and offer technical support and troubleshooting assistance, assisting in the day-to-day maintenance and operation of all systems, and participating in troubleshooting efforts
• System Integration: Integrating new software and hardware into existing systems, ensuring compatibility and minimal disruption to operations
• Security Management: Implementing and maintaining security measures to protect IT systems from cyber threats and unauthorized access
• Documentation and Reporting: Creating and maintaining detailed documentation of system configurations, processes, and procedures, as well as generating reports on system performance and incidents
• Collaborating with IT Teams and Business Stakeholders: Strong technical and communication skills are essential for partnering with IT teams and Business stakeholders to manage and maintain core IT systems.
• Project Delivery: Develop requirements and lead the design and build-out of new systems, services, and IT capabilities across multiple projects simultaneously. Including planning, execution, oversight of implementation, managing project timelines and ensuring that project goals are on time
• Engineering Mentorship: Provide technical guidance, knowledge transfers, and mentorship to peers to develop their skill sets
• Vendor Management: Manage vendor interactions, scheduling health checks, support interactions, tool development, and awareness.
• Stay informed about advancements in AI and automation technologies and securely apply them to enhance efficiency whenever possible.
• Incident Response Escalation: Serve as an escalation point in the event of a security incident, ensuring timely and effective resolution.
• Work with large, complex data sets to extract insights and drive informed decision-making.
• Take ownership as a SME for a security tool/program or area of expertise. Driving strategy, developing roadmaps, managing vendors, and ensuring good platform health.

Requirements:

• Bachelor’s Degree (or equivalent) in Computer Science, Information Technology, Cyber Security, or related discipline.
• Minimum of 8 years of experience in roles related to information security
• Minimum of 2-5 years of experience in roles related to cloud security operations.
• Information Security Certification preferred (Azure Security Engineer Associate, CCSP, GCSA, CKS, etc.)
• Significant knowledge and experience securing Azure and Kubernetes
• Knowledge of SSDLC and interacting with app dev teams for implementation
• Knowledge of incident response and handling methodologies.
• Knowledge of general attack stages, attacker Techniques, Tactics, and Procedures (TTPs), and defense models. MITRE ATT&CK, OWASP ASVA, OWASP Top 10, ISO/IEC 27034, NIST SP 800-53.
• Experience with security control design and configuration in cloud and container environments.
• Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to a technical and non-technical audience.
• Self-starter, team player, and enthusiasm for learning