Clicking on the following button will update the content below

Cloud Security Engineer
BrandBest Buy

Role Summary:
Members of the Cloud Security Engineering Team will work closely with our partners in Cloud Operations to define and enforce what secure looks like in the cloud. They should be fluent in the core tenants of Information Security, confidentiality, availability and integrity and able to translate them into Cloud-Native technologies and processes. Their expertise will be leaned on to scope penetration tests for containerized environments and cloud infrastructure. This person will be responsible for converting their security assessment activities in the cloud into methodologies which can be standardized on and translated into policy. This role will be focused on converting security assessment and security research output into defined, auditable policy, working to integrate security into a variety of infrastructure as code systems and CI/CD pipelines.

This role is part of Best Buy’s Enterprise Risk and Compliance (ERC) Organization and is a highly collaborative role with our engineering & cloud operations teams. They will act as a subject matter expert to support other functions within the broader ERC Organization such as incident response, forensics, attack surface management and compliance.

Key Responsibilities:
  • Serve as a Cloud Security subject matter expert for Best Buy’s Enterprise Risk and Compliance (ERC) Organization
  • Perform security penetration testing and security research on cloud infrastructure, CSP managed service offerings and containerized environments
  • Develop and maintain the methodology for performing Security Assessments against Cloud Native Infrastructure and Applications in all three major Clouds
  • Define and advocate for what 'good' looks like in all three major clouds
  • Translate defined 'good' configuration standards into policy as code
  • Leverage automation to enforce security policy in the cloud
  • Devise creating or pragmatic methods of mitigating security risks
  • Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.
  • Mentor other teams members and provide cloud security specific guidance to adjacent Technical Security Assessment team
Required Qualifications:
  • 3+ years of work experience in security assessments against applications or cloud platforms
  • Strong understanding of cloud and cloud-native technology with specific understanding of how security risks manifest in these environments
Preferred Qualifications:
  • Knowledgeable in tools and techniques used by attackers to gain unauthorized access to systems
  • An understanding on how application-layer vulnerabilities affect cloud infrastructure
  • Comfortable automating processes start to finish and can work closely with cloud operations teams to help integrate security into their existing processes
  • Be forward thinking about new processes that embeds and enforces secure configurations
  • An understanding on how application-layer vulnerabilities affect cloud infrastructure
  • Experience using a scripting language to build security tools
  • Hands-on experience with some of the following technologies:
    • CI/CD and DevOps Tooling
    • Cloud native security tools (GCP Security Command Center, Azure Security Center, AWS Guard Duty)
    • Docker and Kubernetes
    • Command Line experience (Bash, Powershell, AWS-CLI)
    • Industry relevant certifications or trainings
    • Previous Experience with Cloud Security Posture Management Tools

Auto Req. ID803296BR
Employment CategoryFull Time
Job CategoryEnterprise Risk/Information Security & Compliance
Job LevelIndividual Contributor
Location Number957473-105-Risk & Compliance
Address7601 Penn Avenue South


Clicking on the following button will update the content below