Consulting Director – IAAS Cloud Security Engineer
Senior level individual contributor responsible for performing on IAAS security projects during different phases – assessment, design, implementation, and post-implementation review. This role requires thought leadership experience in the Cloud and infrastructure domains in addition to technical leadership experience. This role will also help expand security capabilities through enforcement of existing compliance, vulnerability management, security monitoring, privilege access management, asset inventory, and more.
Essential Duties & Responsibilities
Own security in cloud for GCP Compute environment. Ensure that all VMs are in compliance with CNA security policies, standards and technical specifications.
Create a roadmap to achieve immutable infrastructure for all of CNA’s cloud footprint. Own the delivery of this roadmap.
Drive strategic consensus across multiple business units and technology teams to ensure smooth and secure migration of key CNA business applications to Cloud
Be a trusted GCP and IAAS lead for InfoSec initiatives by providing proven solutions to scale better CNA’s current deployment strategy.
Ensure appropriate security practices are communicated and implement their application security programs. Support adherence and awareness of these practices.
Direct application teams with onboarding the cloud security requirements; working with vendors to troubleshoot the platform and issues related to such integrations.
Leverage automated process to mitigate enforce security controls
Support the remediation of security vulnerabilities in the environment by working to triage them with application/project owners
Contribute to security requirements across CNA cloud applications, provide guidance for infrastructure and OS level security.
Advocate for cybersecurity software engineering best practices such as unit testing, code reviews, quality engineering, supply-chain protection etc.
Stay abreast of industry trends and best practices; conduct research, tests, and execute new techniques that can be reused and applied to SDLC.
Skills, Knowledge & Abilities
(Excellent; Proven; In-depth; Expert Knowledge; Senior-level knowledge, Senior-level technical knowledge. Ability to effectively communicate with all levels of employees within scope of responsibility)
Strong oral and written communication skills in the English language to work effectively with all levels of end users and IT personnel.
Expert knowledge of Cloud Security (GCP preferred). Experience with Prisma Cloud or Cloud Security Command Center is a plus.
Strong knowledge of OS and application configuration management at scale, including securing VM image pipelines and patch management.
Expert knowledge of both Windows server operating system as well as expertise with one or more various Linux operating systems
Expert knowledge of industry best practices for cloud infrastructure management at scale, including Infrastructure as Code, Immutable infrastructure, Golden Image management etc.
Proven track record of modernizing infrastructure and application provisioning processes at scale.
In-depth experience in providing Analysis of Alternatives for tools and capabilities from various on premise, Cloud-based, and hybrid resources
Mastery of automation tools (i.g. Concourse, Jenkins, Terraform, Ansible etc.)
You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them — and their family members — achieve their physical, financial, emotional and social wellbeing goals.