Senior Cloud Security Engineer

Job Description and Requirements

About the Synopsys Software Integrity Group

Synopsys Software Integrity Group helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior.
With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
For more information, go to www.synopsys.com/software .

Senior Cloud Security Engineer
  
As a Sr Cloud Security Engineer, you will be a key player on the Cloud Operations team servicing SIG Cloud Services. You will be responsible for security for all the SIG Cloud Services. You will assist in the development of cloud security requirements, conducting security risk assessments, evaluating security services and technologies. You will also be reviewing and documenting information security policies and procedures, as well as provide monitoring and oversight for alerts in this environment.

Duties and responsibilities

• Serves as the subject matter expert (SME) for Cloud Security. Develop standards, policies, and procedures, as well as best practices documentation.
• Participate in efforts that tailor the company’s security policies and standards for use in cloud environments.
• Build, monitor and proactively manage the security of our SaaS services running on AWS, GCP and other cloud environments.
• Translate security and technical requirements into business requirements and communicate security risks to different audiences ranging from business leaders to engineers.
• Propose and/or design technical solutions which include creating prototypes and proofs of concept while maintaining a security mindset.
• Lead and influence multi-disciplinary teams in implementing and operating Cloud Security controls.
• Provides Info security architecture & systems engineering consulting to other IT and business teams.
• Automate security controls, data and processes to provide better metrics and operational support. Utilize cloud-based APIs when appropriate to write network/system level tools for securing cloud environments.
• Stay current on emerging security threats, vulnerabilities and controls.
• Identify and Implement new security technologies and best practices.
• Evaluates new technologies against established requirements and validate the security of the technology.
• Identify processes/procedures for how to handle a cloud security event, including forensic isolation and mitigation with Incident Response teams.
• Supports the monitoring and maintaining cloud security suite of tools.  
• Identify new security threats by conducting continual monitoring, penetration testing, vulnerability assessments and log analysis.
• Train other team members on cybersecurity concepts and lead periodic Cloud security control testing such as network penetration tests, phishing simulations, social engineering simulations, and use the test results to suggest enhancements and remediations to business processes, employee training, etc.

Qualifications

• Experienced with security frameworks on cloud platforms (AWS, GCP, Azure), and protecting data in a variety of ways including anti-virus, firewalling, intrusion detection, and advanced analytics.
• Knowledge of Cloud Security fundamentals, including cryptography and the shared responsibility model for the cloud platforms.
• Experienced with various cloud native security solutions, similar to RedLock and Twistlock.
• Bachelor’s degree in related business or technical areas, or an equivalency of education and work experience.
• Minimum of 5-7 years of Cloud Security and/or security engineering experience.

• Clear passion for cloud Security and Cloud technologies.
• Must have experience implementing and managing cloud-native security solutions.  
• Expert knowledge of Cloud infrastructure, security architectures, and standards.
• Deep technical knowledge of Amazon Web Services, and Google Cloud Platform.
• Able to demonstrate clear understanding of current threats to Cloud infrastructure and/or IT infrastructures at technical and managerial levels.
• Able to automate/script daily tasks through Python, Bash or equivalent.
• Experience with web-based applications or web-services.
• Proficient in Linux system design, automation and operations Experience in designing and implementing standards, specifications and procedures.
• Demonstrated ability to take an initiative and be accountable for achieving results.
• Skilled in discussing complex security issues using understandable business terms.
• Very detailed knowledge of system security vulnerabilities and remediation techniques
• Security certification desired (e.g., CISSP, GIAC, CEH, etc).

Education & Work Experience: