Sr. Manager Cloud Security Engineering

Profile

Best Buy

Role Summary:

The Cloud Security Engineering Sr. Manager will lead the Cloud Security Engineering Team and work closely with our partners in Cloud Operations to define and enforce what secure looks like in the cloud. They should be an engineer with the desire to lead people and build a new engineering capability within Best Buy. The Cloud Security Engineering team will be converting security assessment and security research output into defined, auditable policy, working to integrate security into a variety of infrastructure as code systems and CI/CD pipelines. The Sr. Manager role is expected to be a hands-on engineer as well as leading a two person team of engineers that is expected to grow to additional direct reports in the future.

This role is part of Best Buy’s Enterprise Risk and Compliance (ERC) Organization and is a highly collaborative role with our engineering & cloud operations teams. They will act as a subject matter expert in Best Buy's cloud environments to support other functions within the broader ERC Organization such as incident response, forensics, attack surface management and compliance.

Responsibilities:

Team and capability leader for Cloud Security Engineering

Be a leader and mentor to a direct reporting team of (1) Engineer and (1) Associate Engineer

Foster an environment of inclusion and diversity where team members and colleagues can bring their full experience and ideas forward

Define desired outcomes for improving security in Best Buy's cloud environments

Serve as a Cloud Security subject matter expert for Best Buy’s Enterprise Risk and Compliance (ERC) Organization

Perform security penetration testing and security research on cloud infrastructure, CSP managed service offerings and containerized environments

Develop and maintain the methodology for performing Security Assessments against Cloud Native Infrastructure and Applications in all three major Clouds

Define and advocate for what 'good' looks like in all three major clouds

Translate defined 'good' configuration standards into policy as code

Leverage automation to enforce security policy in the cloud

Devise creative and pragmatic methods of mitigating security risks

Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.

Qualifications

: 5 years of work experience in security assessments against applications or cloud platforms, cloud engineering, or cloud security engineering

2 years of work experience leading technical teams

Strong understanding of cloud and cloud-native technology with specific understanding of how security risks manifest in these environments

Preferred Qualifications:

Knowledgeable in tools and techniques used by attackers to gain unauthorized access to systems

An understanding on how application-layer vulnerabilities affect cloud infrastructure

Comfortable automating processes start to finish and can work closely with cloud operations teams to help integrate security into their existing processes

Be forward thinking about new processes that embeds and enforces secure configurations

An understanding on how application-layer vulnerabilities affect cloud infrastructure

Experience using a scripting language to build security tools

Hands-on experience with some of the following technology: CI/CD and DevOps Tooling

Cloud native security tools (GCP Security Command Center, Azure Security Center, AWS Guard Duty)

Docker and Kubernetes

Command Line experience (Bash, Powershell, AWS-CLI)

Industry relevant certifications or trainings

Previous Experience with Cloud Security Posture Management Tools

Company info

Best Buy
Website : http://www.bestbuy.com