Cloud Security Threat Engineer

Job Type

Full Time

General Description

Responsible for analysis, design and implementation coordination for tool and service designs within the cloud security & identity domain. Securing software built and maintained by Popular. Work closely with in-house software development teams and vendors/third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications. In addition to securing software, will be expected to understand cloud computing principles, including virtualization, containerization, microservices and serverless computing. Risk management, security, container security, Kubernetes security, IAM security, network security, encryption, secrets management, data protection & securing CI/CD. Its key to maintain industry and cyber knowledge to optimize and align Populars application security processes and systems throughout the Software Development Lifecycle.

Essential Duties and Responsibilities

• Complete hands-on experience with Terraform, Packer, Ansible, Json for hardening images and CI/CD pipelines.
• Deep knowledge of securing APIs and Microservices platform
• Hands on experience with IAM Policy as code; OPA (Open Policy Agent); Cedar AWS opensource policy agent
• Expertise in Dev-Ops, CI/CD, and full life cycle management
• Experience working in DevSecOps, including knowledge and experience enforcing a secure software development lifecycle. (Github, Gitlab, Jenkins ,Ansible, Chef,Puppet)
• Experience using scripting languages (Python, Powershell, Bash etc.) to parse machine generated data, interact with REST APIs, and automate repetitive tasks.
• Identify solutions for common security problems while participating as a security specialist in an agile Application Security team.
• Work on security reviews, building relationships with software architects, developers, and engineers.
• Design and develop accelerators, security APIs, pipeline security automation.
• Developing and embedding secure design patterns, coding standards, education, and culture into the development community.
• Build, deploy, and automate comprehensive application security testing capabilities.
• Application security assessments, including code reviews, architecture reviews, threat modeling, and penetration testing.
• Act as an advocate and resource for secure software development and application security practices in all application life cycle phases.
• Promote API security design principles and perform API security reviews.
• Assists cyber incident triage, including determining scope, urgency, and potential impact, identifying the application code's specific vulnerability. Makes recommendations that enable expeditious remediation.

Education

Bachelor's degree in computer science, computer engineering, information systems, software engineering, or related field.

Experience

• 5 (five) years of experience working in security aspects of software engineering in a complex technology environment.

Certifications and Licenses

The following Certifications and Licenses are preferred but no required: