Architect Cloud Security

Company Description

Boyd Gaming Corporation has been successful in gaming jurisdiction in which we operate in the United States and is one of the premier casino entertainment companies in the United States. Never content to rest upon our successes, we will continue to evolve and retain a position of leadership in our industry. Our past success, our current business philosophies and our sound business planning, combine to position Boyd Gaming Corporation to maximize value for our shareholders, our team members and our communities.

Job Description

The cloud security architect helps architect, deploy, and operate a secure cloud application infrastructure that aligns with business needs. The position is responsible for supporting operational innovation and providing security direction to the business to elevate the company’s security posture within our cloud computing infrastructure.
 

• Ensure Security Operations has essential logs and telemetry from the various cloud environments to detect, protect and respond from Cyber Threats
• Develop and maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system architects.
• Secure business applications and computing environments across public, private or hybrid cloud infrastructures.
• Protect business applications in compliance with privacy, security, business resiliency and compliance frameworks as defined in corporate policies.
• Conduct security architecture design reviews of large-scale cloud security projects and applications.
• Conduct security validation of our cloud templates, infrastructure, and processes
• Provide security expertise and direction on projects related to cloud security architecture design, implementation, and maintenance.
• Maintain a consistent, secure environment using configuration management solutions (e.g., Puppet, Chef, Ansible, etc.). Conduct rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts
• Handle and track security findings and risks to the enterprise
• Attend regular technical project and implementation meetings and serve as the security consultant to help guide secure application and infrastructure configurations
• Assist with development, maintenance and utilization of scripts (e.g., Python, Ruby, etc.) to support custom extract, transform load (ETL) tools with a security focus for data flow.
• Attend regular technical project and implementation meetings and serve as the security consultant to help guide secure application and infrastructure configurations.
• Actively monitor, assess and recommend tactical and strategic initiatives based on new and emerging threats posing risk to cloud computing environments.
• Manage remediation efforts after security assessment findings outline weaknesses requiring attention.
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Assist in maintaining strong oversight with cloud computing vendors and solution providers to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
• Stay apprised of current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply learned knowledge across key lines of business, including products, practices and procedures.
• Act as a key figure in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement with security operations and incident response teams.
• Attend and fully engage in change and project management meetings.
• Perform other duties as assigned.

Qualifications

• At least 5-7+ years’ experience in cybersecurity as a practitioner and with at least 2-3+ years exposure with Amazon Web Services (AWS), Microsoft Azure.
• Strong Linux and Windows support skills.
• Experienced in cloud networking architecture and cloud operations, with cloud access security broker (CASB) experience preferred.
• Familiarity with tools such as Git, Jenkins, Chef, Puppet and Salt.
• Network and encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP and public key infrastructure (PKI).
• IDAM experience, including OAuth and OpenID.
• Familiarity with security solutions such as Prisma Cloud, as well as tool such as Docker, Kubernetes and AWS CloudTrail, Guardduty.
• Experience with scripting languages such as Python, Ruby, PowerShell and JavaScript.
• Experienced in the use of threat intelligence services in a production environment.
• Experience and understanding of various regulatory requirements and laws, including but not limited to: Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following: ISO 27001/2, ITIL or NIST.
• Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

Additional Information

Boyd Gaming is proud to be an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state, or local protected class.

Boyd Gaming is proud to be an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state, or local protected class.