Information Security Cloud Engineer

Job Description:

The cloud security engineer helps architect, deploy and operate a secure cloud application infrastructure that aligns with business needs. The position is responsible for supporting operational innovation and providing security direction to the business to elevate the company’s security posture within a cloud computing infrastructure. An advanced role, the cloud security engineer helps deliver applications at scale and with resiliency to support business initiatives. The cloud security engineer is also expected to possess advanced administrative and troubleshooting skills, and be knowledgeable about architecture, engineering and design principles. The cloud security engineer should be adept at dealing with disparate applications and data systems to maintain the level of rigor required to adhere to business direction. Along with depth of system coverage, the role requires planning and design of policies and maintenance.  

ESSENTIAL FUNCTIONS INCLUDE BUT ARE NOT LIMITED TO: 

• Analyzes technologies and establishes highly effective processes and protocols to ensure comprehensive protection exists to defend against unauthorized entry into the company networks and systems. 

• Develop and maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.

• Secure business applications and computing environments across public, private or hybrid cloud infrastructures.

• Support the development and testing of standard cybersecurity design requirements for Medical Device Products

• Support the publication of documentation related to the management of cyber security in medical devices submissions

• Supports automation and orchestration to maximize team talent and reduce routine tasks.  

• Conducts independent verification and validation testing of the company networks and sensitive programs through internal team resources and independent consultant engagements.

• Stays abreast of the security industry threat landscape.

• Evaluation and documentation of cybersecurity posture of applications and infrastructure by leveraging standard and repeatable procedures informed by industry best practice guidance (NIST Cybersecurity Framework, NIST Risk Management Framework, NIST 800-53, NIST 800-63, NIST 800-64, NIST 800-124, NIST 800-144, ISO 2700x, etc.)

• Recognizes their personal developmental needs and is proactive in obtaining the coaching, networking, and training needed to ensure his/her continued success in the position.

• Acts as a change agent and drives the department and business forward using effective management, analysis, and strategic skills.

• Assumes responsibility for other duties as required or assigned

BACKGROUND AND QUALIFICATIONS:

• 5+ years of technical hands-on cyber security experience.

• Relevant security certifications (CISSP, CISM, etc.) or must be willing to pursue.

• Demonstrates strong written and oral communication skills.

• Understands service design and delivery concepts.

• Practical experience of OWASP, CVSS3.0, STRIDE framework, CVE and CWE required

• Familiarity with security solutions such as CSPM, CASB, CWPP, as well as tool such as Docker, Kubernetes and AWS CloudTrail.

• Demonstrates solid organizational skills and the ability to multi-task, prioritize workload and delegate responsibilities. 

• Leverages subject matter expertise in security and risk. 

• Ability to prioritize multiple tasks and develop innovative solutions to meet project expectations without compromising good design.

• Strong understanding of encryption, cryptography, and secrets (key) management

• Strong Knowledge of Cloud Compute Infrastructure (AWS, Azure)

• Is forward thinking and possesses business acumen.

• Possesses a high level of integrity, trustworthiness, and confidence, and represents the company and its management team at the highest level of professionalism. 

• Works effectively with a variety of personalities and can adapt his/her approach to effectively reach and develop his/her team. Uses this skill as well as his/her functional knowledge to both earn and maintain a high level of credibility with the team.

• Experience with MITRE ATT&CK and Cyber Kill Chain, including Tactics, Techniques, and Procedures (TTPs)

• Development skills including scripting (e.g., Python, shell scripting)

• Knowledge of STIX/TAXII, SIGMA, DISA STIGs

• Experience with Security Threat Modeling

EDUCATION:

• Bachelor’s degree in computer science, information assurance, MIS or related field, or have relevant business experience.

TransMedics is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, marital status, age, disability or protected veteran status, or any other characteristic protected by law. We are committed to creating an inclusive environment for all employees.