Cloud Security Engineer
Discovery CommunicationsBellevue, VA
Full Time Job
As Discovery’s portfolio continues to grow – around the world and across platforms – the Product Security team is building the people, process, and technology to protect Discovery’s direct-to-consumer, media technology, and IT systems to meet the world-class standard for which Discovery is known.
Within the broader Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cybersecurity professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more.
The Cloud Security Engineer is a technology and process focused security professional with an emphasis in information security, cloud architecture, cloud infrastructure engineering, cloud incident response, DevSecOps, and cloud related SOAR automation. As a member of the cloud security team, the Cloud Security Engineer will support the infosec functions of incident response, vulnerability management, compliance, and assessment while providing direct guidance to product and IT teams for all public cloud related matters in AWS, GCP and Azure.
Key Areas of Responsibility
• Act as a Cloud Security Subject Matter Expert for Infosec department
• Review cloud architecture and advise development teams on strong Security Design principles and identification of issues prior to systems or features deployed.
• Provide guidance for security remediation to business and IT partners. Speaking the DevOps and product team’s language by demonstrating real, practical risk and value.
• Develop cloud security solutions to meet incident response and participate in security incident response process as cloud SME.
• Research, innovate, and design cloud first security solutions.
• Partner with DevOps and SRE teams to consult on secure cloud development practices and build cloud security automation into pipelines.
• Develop security related artifacts and scripted solutions to help teams integrate security into cloud environments.
• Support SOAR Solutions to solve gaps integrating security into cloud environments.
• Mentor junior members of staff
• Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.
• Collaborate with senior management and department leaders to assess near- and long-term cloud security needs
• Staying current with the latest cloud threat mitigation tools and techniques
• Strong understanding of cloud-based infrastructure components with specific understanding of the security risks presented in a decentralized and hybrid environment.
• Comfortable automating processes start to finish and can work closely with cloud solutions engineering and product teams to help integrate security into their existing processes.
• Proficient in at least one scripting language (python, Nodejs, Golang)
• Real-world experience with configuration of log aggregation SIEM solutions through IAC.
• Hands-on experience with some the following:
• Docker and Kubernetes
• Developing & Securing Serverless applications
• Security administration in AWS/GCP/Azure
• CI/CD and DevOps Tooling (Git, Jenkins, CircleCI)
• Infrastructure as code tools (Pulumi, Ansible, CloudFormation, Terraform)
• Command Line experience (Bash, Powershell, AWS-CLI)
• Network & Infrastructure engineering
• Cloud native security related tools (AWS Guard Duty, AWS WAF, GCP Security Center)
• Elastic Stack
• Excellent verbal and written communication skills with a strong attention to detail
• Remains productive while rapidly switching context
• Thirst for knowledge and constantly driven to stay current with evolving threat landscapes
• Must have the legal right to work in the United States
• AWS Certifications – AWS Solutions Architect, AWS Security Specialty
• GCP Certifications - ACE, Other
• Security Product Engineering Certifications
• Previous Experience with DivvyCloud, QRadar, Splunk, TwistLock, PrismaCloud