This role is hands-on and technical. You will be the Subject Matter Expert (SME) within the team for all matters Cloud and Container Security respective to Vulnerability & Attack Surface Management.

Primary responsibilities include

• Managing, maintaining, and supporting our Container Security Vulnerability tool(s) to include managing the output and working hands-on with the DevOps and Infrastructure teams to drive remediation
• Supporting the building, production, and maintenance of metrics associated with the container security program
• Guiding development teams in best practices across all stages of the SDLC
• Monitoring and responding to Open Source Software weaknesses and exposures Building a very close working relationship with DevOps, cloud engineering, application development, and QA teams.
• Performing research and develop whitepapers/presentations/etc. regarding application security
• Developing and updating security patterns & user stories aligned with the security requirement

Qualifications

Required Skills/Experience:

• 5 years of strong applicable security experience
• Solid understanding of Cloud platforms such as AWS, Azure, and GCP Experience with container orchestration technologies such as Docker, Kubernetes, Openshift
• Hands-on experience with Agile, DevOps and DevSecOps methodologies is a plus
• Assist in developing an automated framework for Security Tool deployment and development, leveraging various scripting languages and open source solutions
• Understanding of Infrastructure as Code Experience moving to a DevOps / DevSecOps environment
• Experience with agile development and CI/CD pipelines Experience with container/orchestration tools
• Recent experience with enterprise configuration management software like Red Hat Ansible Automation, Puppet, or Chef
• Hands on experience AWS / Windows / Linux Security
• Highly proficient in at least one major scripting/programming language (Python, Ruby, Node, Java, R, Go…) Proficient in shell scripting (Bash, PowerShell…)
• Deep understanding of container security tools, and experience with products such as Rapid7.
• Ability to present complex, technical information to a variety of audiences, both technical and nontechnical, in written and/or oral formats
• Working knowledge of common security frameworks such as ISO/IEC 27001:2013, SOC 2, HiTrust, etc.
• Knowledge of insurance industry-specific regulations such as NY-DFS.
• Industry certifications like the Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Advanced Security Practitioner (CASP+), etc. are a plus

Salary: 

• 110k to 135k (Full-time)