Here at Discount Tire, we celebrate the spirit of our people with extraordinary pride and enthusiasm. Our business has been growing for more than 60 years and now is the best time in our history to join us. We are opening more locations every year and we are always looking for qualified individuals to join us in our growth. We are a company that promotes from within, both in our retail and corporate operations.
Under minimal supervision, the Senior Cloud Security Engineer will design, deploy, and manage security technologies and modern automation tools for the enforcement of Discount Tire security controls across private and public cloud service platforms. This role will serve as a subject matter expert on cloud security and be an integral member of the organization's security and risk team. The role includes collaborating with software development teams, cloud engineering teams, and business teams to enhance and deploy industry best practices and cyber security solutions.
Essential Duties and Responsibilities:
• Design, implement, and maintain custom and native cloud security services in a large-scale hybrid multi-cloud cloud environment.
• Develop new automation, orchestration and configuration management tools and workflows to accelerate the secure migration to, and adoption of, public cloud services.
• Collaborate with security architecture and engineering, cloud platform engineering and operations teams to design and deploy adequate security controls to align with business strategies and roadmaps.
• Manage Discount Tire x.509 PKI services, certificate lifecycle management solutions, native cloud cryptographic solutions, and SSH key management (e.g. SCEP, ACME).
• Manage and configure Discount Tire Cloud Security Posture Management (CSPM) platform and Cloud Workload Protection (CWPP) configurations to align with NIST, CIS, ISO 27001, ISO 31000, and Cloud Security Alliance (CSA) security standards.
• Collaborate with software development teams in the deployment of automated 'Shift Left' and DevSecOps capabilites for vulnerability scanning of opensource packages, libraries, and containers, microservices, and serverless functions in the Jenkins CI/CD pipeline. To include infrastructure-as-code (IaC) scanning into CloudFormation and Kubernetes manifests.
• Manage the CSPM integrated vulnerability management dashboard to bring visibility of the Discount Tire multi-cloud technical security debt. Generate a reporting dashboard for compliance and leadership review.
• Configure and tune cloud web application firewalls (WAF), DDOS, and BOT protection policies and services.
• Collaborates with Security Operations Center with the development of Enterprise Splunk security event management and alerting on SaaS / cloud hosting provider security events.
• Participate in the standards development and implementation of applicable security and enterprise architecture standards.
• Ensure that accurate design diagrams, system configurations, process design documentation, operating procedures and application integration documentation is delivered and maintained.
• Coordinate with SOC and Splunk administration team to configure remote API log collection for cloud services and SaaS platforms.
• Provide support to Security and Network Operations Team, knowledge transfer and serve as escalation point for Tier III and IV issues.
• Completes work in a timely and accurate manner while providing exceptional customer service.
• Other duties as assigned
• Minimum 5 years demonstrated experience in cloud security domains and/or IT security engineering experience.
• Deep technical knowledge of Amazon Web Services, Azure, Salesforce and Google cloud platforms.
• Strong understanding of SaaS services and application workload security in the context of cloud services design.
• Stong background in systems engineering with Windows server and Linux (RHEL) Apache, SAP Hybris, MySQL, Tomcat, and native cloud services.
• Stong knowledge of network and web related protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Experience with mobile application and device security posture settings beneficial.
• Demonstrated proficiency to automate/script daily tasks through Java, JSON, Python, Bash, or equivalent.
• 4 years' experience / knowledge of LDAP/AD directory services, cloud identity federation services, OIDC/OAuth2, and SAML2 single sign on technologies.
• Solid understanding of x.509 PKI services, certificate lifecycle management, native cloud cryptographic solutions, SSH key management (e.g. SCEP, ACME).
• In-depth understanding of software development process, DevOps, Jenkins CI/CD, and BitBucket.
• Good oral, interpersonal, and written communication skills, and the capability to explain current threats to cloud infrastructure and/or IT infrastructures at technical and managerial levels.
• Ability to build relationships and operate within a collaborative team environment.
• The ability to work efficiently and accurately in highly collaborative team environment under pressure, meet deadlines, present a professional demeanor and work well independently is essential.
• In addition, troubleshooting, organizational and problem-solving skills with a can-do attitude and the ability to adjust to changing requirements are essential.
• Maintaining confidentiality, treating others with respect and upholding Company values is key.
• This position requires BA/BS Computer Science degree, Information Security or related field or equivalent work experience may be substituted.
• Security certification(s) desired (e.g., CEH, CCSP, CISSP, GIAC, etc.) or obtainable within 12 months.
• Cloud certification(s) desired.
• A Master's degree highly preferred.
Normal work days are Monday through Friday. Occasional Saturdays and Sundays may be necessary.
Normal work hours are between 7:00 a.m. to 5:00 p.m. Occasional overtime (more than forty hours per week) may be necessary.