Senior Cloud Security Architect in Seffner, Florida at Rooms To Go

Date Posted: 8/5/2019

Job Snapshot

Job Description

Rooms To Go is looking for a Sr. Cloud Security Architect who can analyze, validate and consult on implementation corrective actions to work on minimizing cloud security risk in our multi-cloud environments.

As a member of Rooms To Go's Information Security team you will support the team in its goals of embracing cloud based technologies across multiple providers (Microsoft Azure, Amazon AWS, Oracle OCI, Google GCP, etc.), supporting differing service implementations (IaaS, SaaS, PaaS). The ideal candidate will be a highly-motivated individual with passion and excitement for cloud security and willingness to learn and build as much knowledge as possible in a fast-paced and dynamic environment.

As a Sr. Cloud Security Architect, you will be a strategic contributor in information security, problem solving and relationship management to lead internal programs aimed at: achieving certification and attestation of multi-cloud platforms against Rooms To Go security policies, industry standards and regulations, and government regulations, identifying and mitigating security risks in our cloud deployments; ensuring security alignment to corporate policies; and balancing security requirements with the dynamic needs of our users and the values of our company. In this role you will gain valuable experience and insight in protecting Rooms To Go's multiple cloud environments and will be at the heart of guarding our data and applications against advanced threat adversaries.

Responsibilities:

  • Become proficient with corporate and industry security requirements/best practices.
  • Stay current on cloud security policies, standards, regulations making recommendations for the company.
  • Work closely and collaboratively with the Chief Information Security Officer and Business units to support their needs.
  • Act as an advocate of information security policies, standards, controls and as an enabler to the business while managing risk appropriately.
  • Design technical security controls to meet Rooms To Go's requirements.
  • Design infrastructure to support security controls / operational controls.
  • Keep stakeholders updated with communications and weekly reporting.
  • Provide technical support, troubleshooting, and ad-hoc training (How do I/this isn't working) for the development teams
  • Provide technical support, troubleshooting, and training for the security team.
  • Deploy and maintain infrastructure related to security
  • Design and create IAM policies to enforce least privilege
  • Drive mitigation of reported risks from continuous monitoring solutions.
  • Act as a focal point in the implementation & delivery of a formalized information security awareness offerings.
  • Represent the Security Operations team with various stakeholders including: Infrastructure, Development, and Legal to drive remediation of identified risks, endorse preventative solutions, gather requirements, and influence stakeholders to reduce risk and maintain security alignment to corporate and or industry requirements.
  • Provide technical mentoring and knowledge transfer to members of the team.
  • Provide guidance on best security and operational practices in a multi-cloud environment.
  • Manage cloud security products (i.e. Cloud Conformity, Evident.io, Dome9, Redlock.io, etc.).
    • Manage addition/deletion of cloud accounts, ensuring continuous monitoring
    • User administration
    • Produce reports, scorecards and related metrics
    • Manage vendor(s) to meet the needs of the business
    • Assist in educating Rooms To Go regarding operating in the cloud in the following areas:
      • Networking
      • DNS
      • Systems administration
      • IAM
      • Cloud infrastructure
      • Automation
      • Encryption
      • Logging
      • Others as needed
      • Assist other teams with design decisions in the above areas (e.g. explain how DNS works in a VPC natively and how to integrate it with on-premise DNS)
      • Create and maintain infrastructure templates
      • Create and maintain build scripts, templates, and automations for creating custom AMIs
      • Create and maintain Lambda functions to automate guardrails/operational controls and processes (e.g. automating patching)
      • Track and report on the status of cloud security risks to corporate/industry requirements.
      • Maintain strong awareness of cloud security incidents in the external community to identify threats and opportunities for enhancement.
      • Gain deep security-level knowledge of cloud environments, continuous monitoring solutions to understand and provide direct guidance for security remediation activities.
      • Partner with operations teams to establish preventative controls to support security needs via automation.
      • Lead cloud threat intelligence program, responsible for gathering the necessary security intelligence, ensure correlation of threat intelligence with Rooms To Go systems, analyze the resulting threat from the relevant information and then formulate actionable responses and threat mitigation to ensure the protection of Rooms To Go's systems, customer information, and brand.
      • Lead evaluation, recommendation, implementation and support third party cloud security ecosystem tools. Examples include: Cloud Conformity, Evident.io, Dome9, Redlock.io, Cloud Custodian, etc.
      • Analyze and recommend cloud cost savings to reduce overall spend.
      • Support annual renewal and budgeting needs.
      • Perform all other duties as assigned.

Requirements

  • Cloud Computing
    • Demonstrated knowledge of multi-cloud platforms (AWS, GCP, Azure, OCI, etc.) to be able to identify and prioritize potential security challenges
    • Demonstrated experience of Infrastructure as a Service (IaaS) cloud platforms, such as: IAM, compute (i.e. EC2, GCE), storage (volume/object), networking (VPC, VCN, Load Balancers, Security Groups/List, NACLs), serverless (i.e. Lambda) etc.
    • Firm understanding of cloud console(s) navigation and CLI execution to research and query/validate potential security risks and of security violations.
    • Knowledge with native cloud security services AWS Trusted Advisor, Amazon Inspector/Google Cloud Security Scanner, AWS Configuration
    • Security Compliance Skills - Familiarity with security frameworks CSA, NIST, CIS, PCI DSS, etc.
      • Technical skills to identify and assess cloud security vulnerabilities and risks
      • Expertise in researching & evaluating identified vulnerabilities and risks pose to the organization's information and systems
      • Ability clearly explain identified risks and recommended remediation
      • Produce and communicate appropriate reporting & metrics to stakeholders
      • Cloud Security Continuous Monitoring Solutions
        • Demonstrated experience in administration/management of continuous monitoring solutions
        • Account Management: adding/removing cloud accounts
        • Manage continuous monitoring vendors to deliver on the needs of the business
        • Expertise with Jenkins, JIRA, Confluence
        • Understanding of containerization (Docker, Kubernetes, Elastic Container Service) and best practices to secure registries, images, workloads, etc.
        • Ability to clearly communicate technical concepts to all audiences
        • Performance oriented, self-directed ability to drive change & manage multiple projects
        • Appropriate escalation judgement & execution
        • High collaboration and influence skills

Education

  • Bachelor's degree
  • Six or more years of relevant work experience
  • Eight or more years of experience in Security, Compliance and risk management, including privacy, controls, etc.
  • AWS/Public Cloud Certified (e.g. Solution Architect Associate Certification)
  • One of more of the following certifications: Google Cloud Certified (GCP), Associate Cloud Engineer (ACE), Oracle Cloud Infrastructure(OCI), Certified Architect Associate (CAA), AWS Certified Solutions Architect -- professional, AWS Certified Security -- Specialty, CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP)