Senior Cloud Security Engineer, DTG
BE PART OF BUILDING THE FUTURE.
What do NASA and emerging space companies have in common with COVID vaccine R&D teams or with Roblox and the Metaverse?
The answer is data, -- all fast moving, fast growing industries rely on data for a competitive edge in their industries. And the most advanced companies are realizing the full data advantage by partnering with Pure Storage. Pure’s vision is to redefine the storage experience and empower innovators by simplifying how people consume and interact with data. With 11,000+ customers including 58% of the Fortune 500, we’ve only scratched the surface of our ambitions.
Pure is blazing trails and setting records:
- For ten straight years, Gartner has named Pure a leader in the Magic Quadrant
- Our customer-first culture and unwavering commitment to innovation have earned us a certified Net Promoter Score in the top 1% of B2B companies globally
- Industry analysts and press applaud Pure’s leadership across these dimensions
- And, our 5,000+ employees are emboldened to make Pure a faster, stronger, smarter company as we go
If you, like us, say “bring it on” to exciting challenges that change the world, we have endless opportunities where you can make your mark.
As a Cloud Security Engineer and member of the Pure Security Office, you will utilize your strong technical competencies to provide the highest level of implementation capability and technical consultation to IT, product, and shared service engineering teams throughout Pure.
You will lead to implement provider-agnostic cloud security solutions for monitoring, response vulnerability identification, and mitigation leveraging native cloud security and/or cloud-agnostic tools (i.e. CSPM, CWPP, CNAPP). Collaborate with cloud platform owners within engineering and IT organizations to secure-by-default cloud architecture solutions and implement a process to evaluate infrastructure-as-code, detect errors, and validate submissions prior to commit-to-production to improve cloud security posture. This is an activist role, not an “ivory tower” role.
SHOULD YOU ACCEPT THIS CHALLENGE...You will become intimately acquainted with how Pure runs its business and provides services to our customers leveraging cloud platforms and on-premise capabilities. Your primary task is to uphold and elevate the security standards of our cloud environments. We seek individuals who are passionate and self-driven experts in cloud security and operations, capable of enhancing our cloud infrastructure's defensive capabilities, offering optimal security practices to our partner teams, and working cross functionally to improve cloud security posture and cloud identity posture.
Our ideal candidate is someone who recognizes the importance of mitigating risks while enabling rapid and secure business operations. You understand that security should be an intrinsic aspect of the tools and processes that engineers utilize on a daily basis. As an experienced engineer, our team will look to you to provide expertise and guidance for our cloud environments and how our products and services run securely within them.
You are willing to dig into what does and does not work, then provide solutions with leading best practices. You will possess a thorough understanding of security principles, cloud hardening (AWS, Azure, GCP), implementing solutions, networking, and implementation of these solutions, and you must have significant experience in one or many cloud platforms.
Furthermore, you will also be experienced in delivering large scale and complex solutions for projects utilizing all the mentioned offerings and will also be skilled in scripting to enable automation of these processes where appropriate to show others how things can be done.
Qualifications:
- Work with the Cloud Security Architects and Cloud Platform owners and operators to design and implement provider-agnostic cloud security solutions for monitoring, response vulnerability identification, and mitigation;
- Perform and support attack surface analysis with the threat intel an incident response teams;
- Collaborate with IT and engineering organizations on secure-by-default cloud architecture solutions - from design to actuating change;
- Implement a process to evaluate infrastructure-as-code, detect errors, and validate cloud security configurations;
- Define and manage central security policies for our cloud infrastructure in collaboration with IT and engineering teams;
- Conducting and leading cloud threat modelling, driving change to leading cloud security best practices, and ensuring cloud platform configurations address security risk;Working with different teams for remediation of cloud security vulnerabilities, configurations, and secure alternative patterns;
- Contributing to the development, improvement and operational management of Security Operations, Monitoring and Incident Response practices, processes and solutions relative to our multi-cloud footprint;Building up and maintaining capabilities to support privacy requirements for sensitive data in the cloud;
- Assisting in analysis of data, identifying non-conformance trends, generating concise executive summaries, and recommending and actioning secure configuration improvements;
- Operating and executing cloud security solutions across implementation and operations for CSPM/CNAPP and cloud native security capabilities
- Leading and jointly delivering security evaluation reports on cloud providers (Azure, AWS, GCP), cloud native platforms (PCF, Docker, Kubernetes, etc.), and Software as a Service solutions;
- Implementing security requirements for cloud-based solutions in alignment to cloud infrastructure security standards such as ISO 27000 series, NIST CSF, and CSA CCM.
- A Bachelor of Science Degree in Computer Science, Engineering; or equivalent work experience;
- Strong domain expertise of cloud infrastructure compute, network and storage as well as the cloud control plane;
- Experience running workloads in one or more major cloud service provider (AWS, GCP, or Azure);
- Deep understanding of cloud service architecture and security concepts;
- Ability to define and implement automated metrics to measure service and program effectiveness and consistency;
- Understanding of configuration management, orchestration, and automation tools, such as Terraform, Ansible, Puppet, and cloud native tools in AWS, Azure, and GCP;
- Ability to communicate ideas and proposals concisely, both verbally and written, to executives and engineering leadership;
- Ability to identify, drive remediation, and implement security policies across public and hybrid cloud risks;
- Experience implementing and operating security for cloud native and distributed computing solutions with a principle of “Secure by Design”;
- Understanding of automation solutions and orchestration platforms (CI/CD, DevSecOps) impacted by cloud platforms;
- Knowledge of encryption and tunnelling protocol methods;
- Good understanding of security software implementations and communication (SSL/TLS, HTTPS, PKI, Firewall, etc.);
- Direct experience with common cloud security tools AWS/Azure/GCP native suites, Tenable Cloud, Ermetic, etc.;
- Direct experience with security laws and frameworks such as SOC2, ISO 27001, HIPAA, HITRUST, FedRAMP, PCI-DSS, and others.
Preferred Qualifications:
- A history of working with the security community through volunteering, contributing to open source security-related projects, presenting at conferences, etc. is highly preferred;
- Development experience in one of the following languages is a plus: Python or Go;
- Experience deploying security configurations and policies at scale using AWS stack sets, Azure Blueprints, Terraform, Service Control Policies, or similar;
- 6+ years of overall technical experience is preferred;
- 4+ years of full-time dedicated experience leading Cloud Security focused roles on delivering security on cloud native, distributed architectural solutions in complex environments;
- One or more technical security certifications is a plus:
- CCSP – Certified Cloud Security Professional
- CISSP – Certified Information Systems Security Professional
- CSSLP – Certified Secure Software Lifecycle Professional
- AWS Solution Architect Professional Certification
- Microsoft Certified: Azure Solutions Architect Expert Certification
- Google Professional Cloud Architect Certification
BE YOU—CORPORATE CLONES NEED NOT APPLY.
Pure is where you ask big questions, think differently, and make an impact. This is not just a job, but a place where you have a voice and can accelerate your career. We value unique thoughts and celebrate individuality, and with ample opportunity to learn, develop yourself, and expand into different roles, joining Pure is an investment in your career journey.
Through our Pure Equality program, which supports a flourishing field of employee resource groups, we nourish the personal and professional lives of our team members. And our Pure Good Foundation gives back to local and global communities through volunteering and grants.
And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events.
PURE IS COMMITTED TO EQUALITY.
Research shows that in order to apply for a job, women feel they need to meet 100% of the criteria while men usually apply after meeting about 60%. Regardless of how you identify, if you believe you can do the job and are a good match, we encourage you to apply.
Pure is proud to be an equal opportunity and affirmative action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other characteristic legally protected by the laws of the jurisdiction in which you are being considered for hire.
If you need assistance or an accommodation due to a disability, you may contact us at TA-Ops@purestorage.com.
APPLICANT & CANDIDATE PERSONAL INFORMATION PRIVACY NOTICE.
If you're wondering how or why Pure collects or uses information you provide, we invite you to check out our Applicant & Candidate Personal Information Protection Notice.
DEEMED EXPORT LICENSE NOTICE.
Some positions may require a deemed export license for compliance with applicable laws and regulations. Please note: Pure does not currently sponsor deemed export license applications so we are unable to proceed with applicants requiring stated sponsorship.