Senior Cloud Security Engineer
Job Summary
Black Duck Software Inc. helps organizations build secure high-quality software minimizing risks while maximizing speed and productivity. Black Duck a recognized pioneer in application security provides SAST SCA and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code open source components and application behavior. With a combination of industry-leading tools services and expertise only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
The Senior Cloud Security Engineer is a key technical contributor and emerging leader within Black Ducks Security Operations team responsible for securing cloud-based SaaS platforms and infrastructure at scale. Operating with broad autonomy you design and operate security controls drive remediation with engineering partners and shape cloud security standards across the organization. The role combines specialized cloud security expertise across posture management detection and response and DevSecOps with increasing technical leadership: driving cross-functional initiatives coaching peers and translating technical expertise into systematic organization-wide improvements.
Essential Functions/Responsibilities
Act as Cloud Security Subject Matter Expert (SME); develop and maintain cloud security standards policies procedures and best-practice documentation defining Black Ducks cloud security baseline.
Design build and operate security controls for SaaS services running on AWS GCP and other cloud environments.
Continuously monitor cloud resources and configurations to identify security risks; triage findings and drive remediation with resource owners.
Identify threats through vulnerability assessments penetration testing support and log analysis; ensure security controls meet compliance requirements including SOC 2 and ISO 27001.
Automate cloud security controls data collection and workflows using Python Bash cloud APIs and infrastructure as code to improve operational efficiency and scale coverage.
Operate and enhance the cloud security tooling ecosystem including logging monitoring CSPM/CNAPP vulnerability management and detection platforms.
Integrate security controls into CI/CD pipelines and engineering delivery workflows advancing DevSecOps practices across the organization.
Lead containment forensic analysis and remediation for cloud security incidents in partnership with CSIRT and engineering teams.
Lead cloud security projects and major components of complex cross-functional initiatives; influence cloud security architecture and strategy decisions across engineering platform and IT organizations.
Design and improve cloud security processes and operational procedures to systematically reduce risk and increase organizational efficiency.
Communicate cloud security risks findings and recommendations to Director- and VP-level stakeholders.
Serve as a technical leader and coach for less experienced engineers; lead and participate in security reviews threat modeling sessions and architecture discussions.
Negotiate and build consensus across engineering platform IT and vendor partners; explain difficult or sensitive security information clearly to technical and non-technical audiences including executives.
Other tasks and activities as assigned.
Required Education/Experience & Skills
57 years of experience in information security with demonstrated depth in cloud security; minimum 3 years of hands-on experience securing cloud environments (AWS GCP Azure or equivalent) at scale.
Bachelors degree in Information Security Computer Science or a related field or equivalent practical experience.
Specialized knowledge of cloud security principles architectures and controls with depth in at least one major cloud provider.
Hands-on experience with containerized and Kubernetes-based platforms; experience with cloud security monitoring logging and CSPM/CNAPP tools; demonstrated ability to design implement and operate security controls at scale.
Strong experience with Python and/or Bash scripting for security automation tooling and integration; proficiency with infrastructure as code technologies such as Terraform CloudFormation or Helm.
Proven ability to lead projects and coordinate cross-functional teams; track record of designing process improvements and systematic changes that improve team or organizational outcomes.
Black Duck is an equal opportunity employer. We consider all applicants for employment without regard to race color national origin religion sex gender identity or expression age disability sexual orientation veteran or military service status or any other characteristic protected by applicable law. Black Duck complies with all applicable laws prohibiting employment discrimination in every jurisdiction where it operates and provides reasonable accommodations to individuals with disabilities in accordance with applicable law.
Required Experience:
Senior IC
About Company
Build high-quality, secure software with application security testing tools and services from Black Duck. We are a Gartner Magic Quadrant Leader in AppSec.