This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

We are seeking a highly skilled Cloud Security Engineer to join our dynamic team. This is a crucial customer-facing role where you will be instrumental in designing, implementing secure cloud configurations, manual web application testing and securing complex cloud environments for our clients across Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS), with a strong emphasis on GCP. A fundamental part of your role will be demonstrating your ability to manually penetration test web applications.

• Perform manual penetration testing activities on Web Applications and Mobile Applications using black-box testing tools, in-depth penetration test techniques, DAST & SAST tools.
• Understand the application architectural components, business purpose of the application and code at high level.
• Highly familiar with OWASP Top 10 and the ASVS; act as the Subject Matter Expert within the organization.
• Design, implement, and optimize robust cloud security architectures.
• Respond to customer questionnaires, customer calls and create artifacts including network diagrams, architecture diagram, data flow diagrams.
• Configure, manage, and troubleshoot cloud-native firewalls and Web Application Firewalls (WAFs).
• Review all security alerts and resolve these alerts in a timely manner.
• Provide expert guidance on securing SaaS applications, including identity and access management (IAM), data encryption, API security.
• Lead and contribute to compliance initiatives, ensuring cloud environments adhere to industry regulations.
• Act as a trusted advisor to clients, effectively communicating complex technical security concepts.
• Support incident response activities by providing expert analysis and remediation strategies for cloud security incidents.
• Responsible for running the comprehensive vulnerability management and penetration testing program.
• Continuously research and evaluate emerging cloud security threats, technologies, and best practices.

Qualifications

• 10+ years of progressive experience in web application penetration testing, cybersecurity, with at least 4+ years focused on cloud security engineering.
• Strong organizational, administrative, project management and communication skills.
• Deep hands-on experience with Google Cloud Platform (GCP) security services and best practices.
• Strong practical experience with Microsoft Azure and Amazon Web Services (AWS) security services.
• Proven expertise in securing SaaS applications and understanding of common SaaS security challenges.
• Extensive experience with scripting skills, network security principles and implementation in cloud environments.
• Demonstrable experience with firewall management and Web Application Firewalls (WAFs).
• Hands-on experience with SIEM platforms including log ingestion, rule creation, and dashboarding.
• Strong understanding of cloud identity and access management (IAM) principles.
• Solid knowledge of compliance frameworks and regulations.
• Excellent communication, presentation, and interpersonal skills.
• Ability to work independently and as part of a team in a fast-paced, client-facing environment.
• Problem-solving mindset with a strong attention to detail.
• CISSP is required; Azure and Google certifications are highly desirable.

Requirements

• Bachelor's Degree in Statistics, Computer Science, Risk Management, Cyber Security, or related field.
• 5+ years of experience in web application penetration testing.
• 5+ years in cloud or network penetration testing.
• 4+ years of experience managing, tracking and supporting a security program.
• 4+ years of experience securing, configuring and supporting cloud environments (Azure and GCP).
• 4+ years of experience supporting a security operations center, managing security alerts.
• Provide guidance on security vulnerabilities and secure coding practices.
• Microsoft certifications a plus.

Security Certifications

• CISSP, GWAPT, OSWA or OSCP are required.
• CISM desirable and other certifications would be a plus.

Bonus Points If You Have

• Relevant industry certifications like OSWE or Cloud Provider Certifications.
• Experience with Infrastructure as Code (IaC) tools for security automation.
• Scripting skills (e.g., Python, PowerShell, Bash).
• Experience with container security (Docker, Kubernetes).
• Knowledge of DevSecOps principles and practices.

Benefits

• Competitive salaries, medical, dental and vision coverage.
• Disability coverage and employer paid life insurance.
• Mental health resources and 401(k) plan.
• Fully paid parental leave program.
• Generous PTO and flexible work schedules.
• Remote work opportunities and paid company holidays.
• Appspace Quiet Fridays (No non-essential internal meetings scheduled).
• A casual dress work environment.