Staff Cloud Security Engineer (Remote)

Allergan Data Labs is on a mission to transform the Allergan Aesthetics beauty business at AbbVie, one of the largest pharmaceutical companies in the world. Our iconic brands include BOTOX® Cosmetic, CoolSculpting®, JUVÉDERM® and more.

Our team has successfully launched a new and innovative technology platform, Allē, which serves millions of consumers, tens of thousands of aesthetics providers, and thousands of colleagues throughout the US. Since its launch in November 2020, Allē has delivered curated promotions, personalized experiences, and millions of consumers use it as part of their beauty journey. Now, we are looking for a Principal Cloud Security Engineer as we prepare to launch a new array of game-changing technologies on our successfully adopted platform.

We're looking for a Principal Cloud Security Engineer interested in working within a startup-oriented environment while having the backing of a very large company. If that's you, please read on.

As the Principal Cloud Security Engineer, you will report to the Director of Cloud Infrastructure Engineering, Security and DevOps, and will continuously collaborate with key stakeholders across the business to solve the most critical technical problems as a Cloud Security subject matter expert (SME). 

You Will

• Solve systematic problems for production security in a product, marketing and data science environment.
• Design, implement, and manage the security solutions program for cloud-based applications and infrastructure.
• Design and implement secure standards for technology including but not limited to Networking, Serverless, Kubernetes, Access Management (IAM/Service Accounts), Secure CI/CD, Cloud Security and Application Security.
• Create alignment between security engineering and various engineering disciplines on the Golden Path for security.
• Be responsible for leveraging security principles, practices and tools to improve the reliability, integrity and security of cloud applications.
• Partner with security teams both  internal and external to the organization to provide and solicit security guidance, drive adoption of security initiatives and transform them into actionable strategy.
• Stay current on all cloud architecture and security design, both for building new architectures and for adapting tried-and-true security tools and processes.
• Develop and implement security policies and procedures.
• Conduct security assessments and penetration tests.
• Create security reference architecture.
• Drive, monitor and respond to security incidents.
• Collaborate with other teams to ensure the security of cloud-based applications and infrastructure.
• Stay up-to-date on the latest security threats and technologies.
• Be a part of an Infrastructure Engineering team and DevOps practitioners that support the broader engineering organization.
• Lead technical initiatives and provide cloud security mentorship to other members of the team.

Required Experience & Technical Skills

• At least 8+ years in a Security Engineering discipline, plus 3+ years in a DevOps Engineering discipline
• Extensive experience as a cloud security engineer or similar role leading the development and implementation of cloud security controls
• CISSP or Industry recognized security certifications preferred but not required
• Strong foundation in cloud computing (AWS) and application security.
• Expert in threat modeling and secure architecture review
• Experience deploying and managing Developer Security Platforms and SIEM/CIEM solutions and tools
• Hands on experience in driving end-to-end security for cloud products - SAST, DAST, IAST, OSS scanning, pen testing
• Has authored and owned the compliance process for industry standard certification and frameworks such as: PCI HIPAA, SOC2, NIST CSF, SANS
• Subject matter expertise in multiple domains, including cloud security, web security, mobile security, AuthN/Authz protocols (SAML, JWT, OAuth, OpenID, Ping, Okta, etc.) and infrastructure security
• Familiar with building infrastructure to support Microservices and Event Driven Architecture using Serverless, Lambda, Docker, and Kubernetes
• Proficient with CI/CD pipelines, shell scripting and instrumentation/monitoring solutions (ie, Datadog)
• Proponent of infrastructure-as-code, least privilege access, observability and other DevOps best practices 
• Experience working with Software Engineers developing on serverless and containerized platforms
• Experience designing and building security services in a SecDevOps cloud operations model
• Experience translating compliance and security requirements into product requirements
• Experience in applying security to cloud technologies (Managing secrets, Securing CD pipeline, Secure Infrastructure as Code, Container Security)
• Experience with primary AWS services (EC2, ELB, RDS, Route53, S3, Lambda) and IAM implementation
• Expertise in cloud architecture and security fundamentals including containers, software-defined networks, high-availability design, multi-cloud, and serverless compute
• Deep knowledge of cloud operational models and secure SaaS architecture in a world of containerized microservices

Qualifications

• Bachelor's or advanced degree in Computer Science, Information Security, or a related field
• Experience with AWS and Google Cloud
• Experience with security assessment and penetration testing (+tools)
• Experience with security monitoring, security incident management and response
• Experience with security policies and procedures
• Strong understanding of cloud computing security principles
• Strong understanding of security threats and vulnerabilities
• Strong understanding of security technologies
• Strong problem-solving and analytical skills
• Strong communication and collaboration skills

 

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:

• The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position.  Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range.  This range may be modified in the future.
  
  
• We offer a comprehensive package of benefits including paid time off. (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
  
  
• This job is eligible to participate in our short-term incentive programs.
  
  
• This job is eligible to participate in our long-term incentive programs.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company's sole and absolute discretion, consistent with applicable law.Compensation Range (Minimum - Maximum)$125,500—$238,500 USD

Core Values

• Be Humble: You're smart yet always interested in learning from others.
• Work Transparently: You always deal in an honest, direct and transparent way.
• Take Ownership: You embrace responsibility and find joy in having the answers.
• Learn More: Through blog posts, newsletters, podcasts, video tutorials and meetups you regularly self educate and improve your skill set.
• Show Gratitude: You show appreciation and return kindness to those you work with.

Perks for our Full Time Employees:

• Competitive salary.
• Competitive annual bonus targets.
• 401k with dollar for dollar match, up to 6% of eligible earnings (base, bonus).  Plus additional company contribution.
• RSU grants (Long Term Incentives) for approved roles.
• Comprehensive medical, dental, vision and life insurance.
• 17 paid holidays per year, including 3 floating holidays.
• Annual Paid Time Off (PTO), with separate sick days
• 12 weeks paid Parental Leave
• Caregiver Leave
• Adoption and Surrogacy Assistance Plan
• Flexible workplace accommodations.
• We celebrate our wins with opportunities to attend Lakers, Knicks, Anaheim Ducks, Anaheim Angels and NY Rangers games.
• Opportunities to attend concerts, festivals and other live entertainment events in recognition of delivering great work.
• Tuition reimbursement.
• Attend a tech or marketing conference of your choice each year.
• A MacBook Pro and accompanying hardware to do great work.
• A modern productivity toolset to get work done: Slack, Miro, Loom, Lucid, Google Docs, Atlassian and more.
• Generous discounts on SkinMedica skin care products.
• Discounted aesthetic treatment days multiple times a year.
• $600 worth of Alle benefits each year to use towards aesthetic treatments and products.
• Eligible for donation matching to over 1.5 million nonprofit organizations.
• Attend AWS Re:Invent in person (Las Vegas) or virtually each year (for certain roles)