Clicking on the following button will update the content below

Associate Cloud Security Engineer- Remote Eligible
BrandBest Buy

Role Summary:
The Associate Cloud Security Engineer is a security and process focused technologist with an emphasis in cloud infrastructure engineering, cloud native architecture and automation. The ideal candidate will looking to apply their strong technical background into a career in cloud and information security where they are positioned to make a large impact on technology that serves as foundation part of business enablement. Members of the Cloud Security Engineering Team will work closely with our partners in Cloud Operations to define and enforce what secure looks like in the cloud. They should have foundational knowledge of Cloud-Native technologies and a desire to understand how the core tenants of Information Security show up in cloud environments. Building on a foundation rooted in Cloud Infrastructure, they will be mentored in the practice of performing penetration tests against Cloud Infrastructure and at the container orchestration-layer. Their expertise in public cloud and automation will be leveraged to help translate security controls to defined, auditable policy, working to integrate security policy into a variety of infrastructure as code systems and CI/CD pipelines.

This role is part of Best Buy’s Enterprise Risk and Compliance (ERC) Organization and is a highly collaborative role with our engineering & cloud operations teams. They will act as a subject matter expert to support other functions within the broader ERC Organization such as incident response, forensics, attack surface management and compliance.

Key Responsibilities:
  • Serve as a Cloud Security subject matter expert for Best Buy’s Enterprise Risk and Compliance (ERC) Organization
  • Perform security penetration testing and security research on cloud infrastructure, CSP managed service offerings and containerized environments
  • Develop and maintain the methodology for performing Security Assessments against Cloud Native Infrastructure and Applications in all three major Clouds
  • Inform what 'good' looks like in all three major Clouds
  • Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.
  • Leverage automation to enforce security policy in the cloud
Required Qualifications:
  • 2+ years of work experience in cloud operations, automation or site reliability
  • Strong understanding of cloud and cloud-native technologies
Preferred Qualifications:
  • Familiarity with techniques used by attackers to gain unauthorized access to systems
  • Background in information security or cloud security
  • Comfortable automating processes start to finish and can work closely with cloud operations teams to help integrate security into their existing processes
  • Be forward thinking about new processes that embeds and enforces secure configurations
  • An understanding on how application-layer vulnerabilities affect cloud infrastructure
  • Experience using at least one scripting language (python, Nodejs, Go)
  • Hands-on experience with some of the following technologies:
    • CI/CD and DevOps Tooling (Git, Jenkins, Puppet, Cloud Build)
    • Docker and Kubernetes
    • Command Line experience (Bash, Powershell, AWS-CLI)
    • Industry relevant certifications or trainings
    • Previous Experience with Cloud Security Posture Management (CSPM) Tools such as PrismaCloud or Twistlock

Auto Req. ID803293BR
Employment CategoryFull Time
Job CategoryEnterprise Risk/Information Security & Compliance
Job LevelIndividual Contributor
Location Number957473-105-Risk & Compliance
Address7601 Penn Avenue South


Clicking on the following button will update the content below