Company name
Best Buy
Location
Richfield, MN, United States
Employment Type
Full-Time
Industry
Engineering, Manager, Security, Retail
Posted on
Aug 31, 2021
Profile
Best Buy
Role Summary:
The Cloud Security Engineering Sr. Manager will lead the Cloud Security Engineering Team and work closely with our partners in Cloud Operations to define and enforce what secure looks like in the cloud. They should be an engineer with the desire to lead people and build a new engineering capability within Best Buy. The Cloud Security Engineering team will be converting security assessment and security research output into defined, auditable policy, working to integrate security into a variety of infrastructure as code systems and CI/CD pipelines. The Sr. Manager role is expected to be a hands-on engineer as well as leading a two person team of engineers that is expected to grow to additional direct reports in the future.
This role is part of Best Buy’s Enterprise Risk and Compliance (ERC) Organization and is a highly collaborative role with our engineering & cloud operations teams. They will act as a subject matter expert in Best Buy's cloud environments to support other functions within the broader ERC Organization such as incident response, forensics, attack surface management and compliance.
Responsibilities:
Team and capability leader for Cloud Security Engineering
Be a leader and mentor to a direct reporting team of (1) Engineer and (1) Associate Engineer
Foster an environment of inclusion and diversity where team members and colleagues can bring their full experience and ideas forward
Define desired outcomes for improving security in Best Buy's cloud environments
Serve as a Cloud Security subject matter expert for Best Buy’s Enterprise Risk and Compliance (ERC) Organization
Perform security penetration testing and security research on cloud infrastructure, CSP managed service offerings and containerized environments
Develop and maintain the methodology for performing Security Assessments against Cloud Native Infrastructure and Applications in all three major Clouds
Define and advocate for what 'good' looks like in all three major clouds
Translate defined 'good' configuration standards into policy as code
Leverage automation to enforce security policy in the cloud
Devise creative and pragmatic methods of mitigating security risks
Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.
Qualifications
: 5 years of work experience in security assessments against applications or cloud platforms, cloud engineering, or cloud security engineering
2 years of work experience leading technical teams
Strong understanding of cloud and cloud-native technology with specific understanding of how security risks manifest in these environments
Preferred Qualifications:
Knowledgeable in tools and techniques used by attackers to gain unauthorized access to systems
An understanding on how application-layer vulnerabilities affect cloud infrastructure
Comfortable automating processes start to finish and can work closely with cloud operations teams to help integrate security into their existing processes
Be forward thinking about new processes that embeds and enforces secure configurations
An understanding on how application-layer vulnerabilities affect cloud infrastructure
Experience using a scripting language to build security tools
Hands-on experience with some of the following technology: CI/CD and DevOps Tooling
Cloud native security tools (GCP Security Command Center, Azure Security Center, AWS Guard Duty)
Docker and Kubernetes
Command Line experience (Bash, Powershell, AWS-CLI)
Industry relevant certifications or trainings
Previous Experience with Cloud Security Posture Management Tools
Company info
Best Buy
Website : http://www.bestbuy.com