Verifone is looking for Senior Cloud Security SME to join our AWS infrastructure security program to build and manage rapidly growing AWS infrastructure. You will have the unique opportunity to develop your analytical, strategic, and technical skills needed around cyber security foundation.
You will be responsible for supporting Verifone’s AWS Cyber security assurance and compliance efforts in the areas of cloud formation template Library for Security Services, Application security, Security Access Operation, Security monitoring, Security Intelligence and Vulnerability management. Partner with infrastructure and application architecture teams to develop solution designs. Participate in the development of roadmaps and in the standards process for security AWS cloud solutions.
You will also be responsible for identifying vulnerabilities, assessing their risk, and working with developers, QA analysts, scrum masters, and others responsible for the software development lifecycle (SDLC) to remediate, mitigate, or accept the risk of these vulnerabilities. You will also be responsible for improving our automated testing processes integration with Engineering tools and processes, automation, and automatic reporting.
As the Cloud Security SME, you will help design and manage AWS servers and work hand and hand with AWS DevOps Engineers, you will be responsible for ensuring security policies and procedures are adhered to. You will be working with Cloud Formation and IAM security, along with Docker and Jenkins to ensure continuous and rapid deployment of applications.
Essential Duties & Responsibilities:
- Provide technical leadership, solution design, and hands on development support for security controls for infrastructure and software deployments
- Develop Threat Models and Perform Security Health Checks in the Public Cloud environment and work with developers to ensure code is secure to address threats and recurring issues
- Building automated security solutions with DevOps tools
- Lead the Security Automation team with various stakeholders
- Collaborate cross-functionally and engage with all levels of leadership to gather requirements, build appropriate cloud security technology roadmaps and implementation plans
- Maintain strong awareness of events in the external community to identify threats and opportunities for enhancement
- Evaluate, test, implement and support third party security tools
- Identify new security threats by conducting continuous monitoring, penetration testing, vulnerability assessments and log analysis
- Lead or assist in the management and configuration of File Integrity Management (FIM) products including monitoring, reporting, and analysis and development of use cases
- Lead or assist in the management and configuration of Security Information Event Management (SIEM) products including monitoring, reporting, and analysis and development of use cases
- Lead or assist in the management and configuration of Vulnerability Management products, including scanning and managing remediation activities
- Lead or assist in the management and configuration of Data Loss Prevention (DLP) products, including scanning and monitoring, reporting, and analysis
- Monitor and report on the security and PCI DSS Compliance of VeriFone’s network and information assets.
- Assist in the creation and operation of information security processes and procedures.
- May be called upon to assist and advise VeriFone teams with security elements of infrastructure or application projects.
- May be called upon to participate in a Computer Security Incident Response Team.
- Interface with IT Risk Management and Compliance to coordinate related policy and procedures, and to provide for the appropriate flow of information regarding risk treatment at VeriFone.
- Liaison with other organizations within VeriFone to manage IT compliance with industry regulations, as well as contractually enforced standards.
- SAST project support needed to onboard new applications
- Collaborate with Business Units on training and consulting services in analyzing risks and collaborate with application teams on solution options/recommendations to remove vulnerabilities
- DAST project support to deploy infrastructure in cloud labs and begin scanning applications as part of the DevOps Life Cycle
- Collaborate to train and on-board new applications and collaborate with application team on solution options/recommendation to remove vulnerabilities
Skills & Abilities:
- University degree in relevant subject area (computer science, computer management, information assurance focus etc.) or equivalent work experience
- Minimum 1 year development experience
- Minimum 3 years of application security experience
- 3+ years with AWS/Public Cloud (AWS Certified)
- 3+ years of experience in DevOps or CI/CD Pipelines
- 5+ years of software development or infrastructure experience
- 5+ years with security engineering, system and/or network security
- Hands on Experience with Management Services such as Cloud Watch, Lambda and AWS Config
- Programming and Ops Skills:
- AWS SDK and CLI for various AWS Services
- JSON/Cloud Formation
- Agile and DevOps Toolsets:
- Expertise with JIRA
- Experience with Test Automation Tools such as Ruby, Server Spec
- Expertise with Jenkins, Docker, Ansible, Stash, JIRA, Confluence
- Python, Bash, Perl Coding experience
- Puppet Scripting etc
- Terraform, AWS Cloud Formation etc
- Bitbucket, Confluence etc
- Linux Administrations
- Docker, AWS EC2 Container Service (ECS)
- Self-starter, Customer Centric Attitude
- IT Security Frameworks like CIS, NIST etc
- Authentication, Security firewalls & other security protocols
- Experience in the management and configuration of FIM, SIEM, DLP, VPN, Firewall, IDS.IPS, and Malware products
- Experience in the vulnerability Management, network penetration testing & remediation technique
- Experience in an Information Security operations environment and responding to security incidents
- Five plus years of experience in Information Security, audit, compliance, or a related field
- Understanding and experience with privacy and regulatory compliance including information security enterprise risk assessments, PCI remediation, data protection and strategy
- CISSP certification desired
- Provision and maintain the Cloud Hardware Security Module (HSM) crypto domain partitions
- Control access to AWS Cloud HSM
- Provide security and technical architecture guidance on HSM and data encryption solutions
- Generate and manage encryption keys
- Ability to work with cross-functional teams as well as external customers
- May require some travel domestically and internationally
Job Type: Full-time
Salary: $110,000.00 to $150,000.00 /year
- AWS Cloud: 4 years
- DevOps: 3 years
- Security: 5 years