What you’ll be doing...

At Verizon, we’re seeking highly technical cloud computing security experts with whom DevOps automation is second nature, to work on enabling a secure foundation for hosting critical workloads in our Multi-Cloud Platforms.

As a member of Verizon’s Cloud Security Integration Services you will enable the team in its goals of embracing cloud based technologies across multiple providers (AWS, Oracle OCI, Google GCP, etc.) supporting differing service categories (IaaS, SaaS, PaaS), IT Security team requires security skilled staff to support the demands of the business and to care for our customer base. Our Cloud Security Automation Developers will work with our application developers to bring the most secure cloud platform to bear on their problems through automated, repeatable processes.

While you must be able to communicate effectively with our customers to help them understand security issues and solutions as well as continuous delivery/Cloud concepts, this is very much a “hands-on” role. You will be expected to be at home creating automated solutions with CloudFormation, Terra Form, Ansible, Jenkins and other DevOps tools. While effective and articulate communication is essential, being able to breathe life into those ideas with code is equally critical. You will be expected to Evolve and strengthen the DevSecOps discipline with Security as Code to implement code based preventive, detective and reactive controls in the Public Cloud to ensure compliance to CPI-810 Policies.

Responsibilities:

  • Develop Security automation and APIs in the Public Cloud across the key pillars of security namely IAM, CICD Security, Security Logging, Incident Response, Data Protection, Compliance Validation. Security Analytics, Vulnerability Management, Platform and Application Threat Modeling etc. Collaborate with Security Platform and Services Teams to build and integrate existing security solutions.
  • Become proficient with corporate and industry security requirements.
  • Work closely and collaboratively with Information Security Officers (ISOs), IT Portfolios, and Business units to support their needs.
  • Act as an advocate of information security policies, standards and as a mechanism to enable the business effectively while managing risk appropriately.
  • Manage cloud security vendor products (i.e. Evident.io, Dome9, Redlock.io, etc.) for responsible IT portfolios.
    • Manage addition/deletion of cloud accounts, ensuring continuous monitoring
    • User administration
    • Signature management and tuning
    • Assist customers with solution integration features
    • Manage vendor(s) to meet the needs of the business
    • Produce scorecards and related metrics
  • Keep stakeholders updated with communications and weekly reporting.
  • Drive mitigation of reported risks from continuous monitoring solutions.
  • Gain deep security-level knowledge of cloud environments, continuous monitoring solutions to understand and explain security risks and mitigation techniques.
  • Partner with enterprise teams to establish preventative controls to support compliance via automation.
  • Stay current on cloud security policies, standards, regulations, and best practices.
  • Assist in the implementation of a formalized information security awareness offerings.
  • Support annual renewal and budgeting needs.
  • Represent the Security Automation team with various stakeholders including App Development, Compliance, Legal, Cloud Engineering to gather requirements, negotiate acceptance of security controls, and influence stakeholders to adopt security controls.
  • Engage with all levels of leadership to gather requirements, build appropriate cloud security technology roadmaps and implementation plans.
  • Engage with Application Development teams to collect feedback and requirements and drive enhancements to code and automation. Guide the application teams as required to adopt the security code based controls.
  • Maintain strong awareness of events in the external community to identify threats and opportunities for enhancement. Apply those learnings to design and implement solutions.
  • Provide technical mentoring and guide development of other developers in the team.
  • Groups, WAF, Logging and Monitoring, Remediation, Identity and Access Mgmt., etc.      
  • Develop Threat Models and Perform Security Health Checks in the Public Cloud environment and develop code to address threats and recurring issues.
  • Evaluate, Test, Implement and support third party Cloud ecosystem tools. Examples include Dome 9 - Network Security, TwistLock - Container Security, Cloud Custodian - Compliance, Evident.IO - Compliance etc.
  • Adopt and evangelize Agile practices and tools such as JIRA to deliver iterative working software.

What we’re looking for...

Must have:

  • Bachelor’s degree or six or more years of equivalent work experience.
  • Six or more years of experience in Security or Information Technology.
  • Two or more years of experience with AWS/Public Cloud (AWS Certified).

Ideally you will have:

  • Eight or more years of experience in Security, Compliance and risk management, including privacy, controls, etc.
  • CISSP Certification or willingness to obtain within six months.
  • Cloud Computing
    • Familiarity of Infrastructure and Platform Services such as IAM, compute (i.e. EC2, GCE), AWS Key Management Service/Google Cloud Key Management Service, storage (volume/object) etc.
    • Knowledge with native cloud security services AWS Trusted Advisor, Amazon Inspector/Google Cloud Security Scanner
    • Understanding of monitoring tools such as AWS CloudWatch/Google Cloud Monitoring, Splunk etc.
    • Awareness with Management Services such as AWS CloudWatch/Google Cloud Monitoring, AWS Lambda/Google Cloud Functions and AWS Config.
  • Security Compliance Skills
    • Produce and provide appropriate reporting to stakeholders (owners).
    • Expertise in researching & evaluating identified vulnerabilities and risks pose to the organization’s information and systems.
    • Technical skills to identify and assess cloud security vulnerabilities and risks.
    • Familiarity with cloud security frameworks CSA, NIST, ISO, CIS etc.
  • Cloud Security Continuous Monitoring Solutions
    • Demonstrated experience in administration/management of continuous monitoring solutions.
    • Signature Management: tuning of standard signatures, deployment of custom signatures.
    • Manage continuous monitoring vendors to deliver on the needs of the business.

22CyberArch

When you join Verizon...

You’ll be doing work that matters alongside other talented people, transforming the way people, businesses and things connect with each other. Beyond powering America’s fastest and most reliable network, we’re leading the way in broadband, cloud and security solutions, Internet of Things and innovating in areas such as, video entertainment. Of course, we will offer you great pay and benefits, but we’re about more than that. Verizon is a place where you can craft your own path to greatness. Whether you think in code, words, pictures or numbers, find your future at Verizon.

Equal Employment Opportunity

We're proud to be an equal opportunity employer- and celebrate our employees' differences,including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.