Faction is seeking a DevSecOps Architect/Engineer to ensure that new and existing cloud initiatives are secure from Engineering to Operations (E2O) in accordance with audit and policy requirements in a fast-paced cloud environment. This leader will represent Information Security principles, best practices, and defined requirements for Faction’s IaaS and Managed Services offerings.

The ideal candidate will be passionate about security, a natural communicator, and a client security advocate.  The incumbent will be responsible for delivering to aggressive timelines and planning for the long-term while being adept at rapid response to attacks and vulnerability mitigation.

Primary Responsibilities:

• Architect, design, implement, and improve security measures for Compute, Network, and Storage across Faction’s Managed Services ecosystem
• Articulate strong and achievable security principles and technology standards that guide the design, engineering, deployment, operations, renewal, and deprecation of cloud products
• Collaborate with relevant internal departments and drive pattern definitions that mitigate security risks within the cloud environment
• Provide thought leadership using business communications, active collaboration, and cross-functional groupings to meet cybersecurity goals
• Take ownership of key initiatives and coordinate strategies with other members of the Cybersecurity team and DevOps leaders
• Operate Service security testing and validation procedures; script, document, and automate to achieve security at scale
• Design and implement a unified security layer across Faction’s Multi-Cloud Platform as a Service, application stack, centralized logging, vendor integrations, Machine Learning, and AI, as appropriate
• Develop, maintain, and communicate the Cloud Security Architectural Strategy in partnership with senior Business leaders
• Think and act strategically, staying abreast of cloud trends and advances in IT/Cybersecurity solutions
• Develop external partnerships with vendors and outside entities as appropriate
• Rapidly and adeptly respond to security vulnerabilities, threats, and attacks.

Challenges:

• Activities are highly visible and paramount to client satisfaction
• Fast paced, SLA-bound service provider environment
• Breadth of technologies supported
• High density cloud environment
• Operationally demanding schedule with some after-hours duties

Skills - Experience and Requirements:

• Bachelor's degree in Computer Science or Information Technology or a related discipline

• At least 10 years Cybersecurity experience, demonstrating deep and wide knowledge in the following areas: VMware, on-premise data centers, and Cloud-native architectures, including: AWS, VPC, Security Groups, IAM, Docker, KMS, S3 Encryption, RDS Encryption, HTTPS, SSL Certificates, Data Lake security, CloudFormation, CloudFlare, CloudFront, API Gateway, Lambda, egress proxies, application security, domain segmentation, authentication, data protection, and the secure automation of processes

• Enterprise-scale experience working within compliance and regulatory requirements, such as PCI, GDPR, NIST, and HIPPA in multi-cloud and on-premise environments

• Experience working in a risk-based environment including planning for and implementing risk avoidance, risk acceptance, risk limitation, and risk transference policies and practices

• Demonstrated ability to build and execute complex security plans in AWS, VMware, and VMC on AWS

• Excellent communication and influencer skills including the ability to simplify key messages, present compelling arguments, and promote technical and personal credibility with internal and external groups for both technical and non-technical audiences

• Experience with secure micro-services architectures

• Expert at threat hunting and penetration testing (CEH v.10 preferred)

• Experience designing effective Indicators of Compromise (IoC)

• CI/CD - Deployment (Jenkins, Ansible, Kubernetes)

• Secure Infrastructure as Code (Terraform, CloudFormation Templates)

• Relevant certifications are a plus: (CISSP, CCSK, CCSP, AWS Certified Security, CEH, etc…)