Principal Cloud Application Security Engineer

Principal Cloud Application Security Engineer

Principal Cloud Application Security Engineer

About Interos
Interos is the supply chain risk intelligence company - building the most trusted and transparent supply chains in the world. Our pioneering discovery and monitoring intelligence spans the lifecycle of supply chain risk, enabling faster and more informed threat mitigation. As the world's first, and only, automated supplier intelligence platform, we continuously map and monitor extended supply chains at speed and scale to protect organizations from regulatory fines, unethical labor, cyber-attacks, and other systemic vulnerabilities. Interos serves a variety of commercial, government, and public sector customers around the world including a host of Global Fortune 500 companies and from within the members of the Five Eyes nations. www.interos.ai.

 

The Opportunity
The Principal Cloud Application Security Engineer will lead the design and implementation of security solutions in support of Interos' product and cloud strategy. This position will focus on enabling business opportunities by ensuring the secure deployment of Interos applications and services. This role is responsible for securing cloud infrastructure, platforms, and software, and will collaborate with the Technology, Engineering, and Product teams to install, maintain, and upgrade the organization's cloud computing environments and core infrastructure. They are also responsible for documenting security in the public cloud platforms and maintaining security components of the cloud. Interos is at the forefront of Supply Chain Resilience Management innovation whose clients include Fortune 100 companies. As we embark on a critical phase of our growth, we are seeking a skilled and experienced Principal Cloud Application Security Engineer to join our dynamic team. This is a "hands-on-keyboard" type role. We are looking for someone to not just advise, but also implement secure solutions and serve as the technical expert for our organization.

Essential Functions/Duties

• Develop and implement comprehensive cloud security strategies aligned with business objectives
• Assess current security practices, provide recommendations for, and implement improvements; including providing expert guidance and actionable recommendations during and after assessments or any found vulnerabilities, to enhance the organization's security posture
• Stay Informed on Security Trends: Continuously monitor and stay up-to-date with the latest security trends, news, and emerging threats to proactively safeguard cloud infrastructure and data.
• AWS (Amazon Web Services) Expertise: Lead the migration to a new architecture on AWS, ensuring optimal security configurations
• Demonstrate subject matter expertise on AWS services, emphasizing security best practices
• Design and implement secure containerization strategies using Docker and orchestration with Kubernetes
• Ensure the security of containerized applications throughout the development and deployment lifecycle
• Utilize Terraform to define and provision infrastructure as code, ensuring security controls are embedded in the deployment process
• Implement automated security checks within the IaC pipeline
• Implement and manage security controls, encryption, and identity management within AWS environments
• Conduct regular security assessments and audits to identify and mitigate potential risks
• Collaborate with cross-functional teams, including developers, operations, and DevOps, to integrate security seamlessly into the development lifecycle
• Communicate security requirements and best practices effectively to technical and non-technical stakeholders
• Develop and implement incident response plans for cloud environments
• Establish and maintain effective monitoring and alerting systems for timely detection and response to security incidents
• Identify gaps in our security posture and prioritize remediation efforts

 

Required:

• Bachelor's or Master's degree (or equivalent) in Computer Science, Information Security, or a related field
• AWS certifications such as AWS Certified Solutions Architect Professional, AWS Certified DevOps Engineer Professional, AWS Certified Security Specialty
• Knowledge of IL5, FedRAMP, and government cloud security standards preferred
• Proven experience as a Cloud Security Engineer in a similar capacity
• Passion and experience as a Security professional - able to analyze and advise on current Security trends, including breaches and vulnerabilities
• Extensive expertise in AWS, including hands-on experience with AWS security services
• Experience implementing security controls, encryption, and identity management in cloud environments
• CISSP, CCSP, OSCP, GIAC, or related security certifications preferred. · Certified Kubernetes Administrator (CKA), Certified Kubernetes Security Specialist (CKS) preferred
• Proficiency in Infrastructure as Code (IaC) using Terraform
• Strong knowledge of containerization technologies such as Docker and orchestration with Kubernetes
• Familiarity with DevOps principles and integrating security into CI/CD pipelines a plus
• Excellent communication (written & verbal) and collaboration skills

 

Additional Information

• Location: Arlington Office or Remote-US
• Telecommute Option: Yes
• Reports to: Senior Director, Information Technology & Security
• Supervisory Responsibility: This position has no supervisory responsibilities
• Travel Requirements: This position requires minimal travel
• Work Environment: This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, printers.
• Physical Demands: This is largely a sedentary role. Physical requirements include occasional lifting/carrying of 5 pounds; visual acuity, speech and hearing; hand and eye coordination and manual dexterity necessary to operate a computer keyboard and basic office equipment. Subject to sitting, standing, reaching, walking, twisting, and kneeling to perform the essential functions. Working conditions are primarily inside an office environment.
• Compensation range is base salary of  $180,000 - $225,000. The salary range information provided, reflects the anticipated base salary range for this position based on current national data.  Minimums and maximums may vary based on location.  Individual salary will be commensurate with skills, experience, certifications or licenses and other relevant factors.  In addition, this role will be eligible to participate in either the annual performance bonus or commission program, determined by the nature of the position. 
• FLSA: Exempt

Benefits:

• Comprehensive Health & Wellness package (Medical, Dental and Vision) 
• 10 Paid Holiday Days Off 
• Flexible Time Off (FTO)
• 401(k) Employer Matching
• Stock Options 
• Career advancement opportunities 
• Casual Dress 
• On-site gym and dedicated Peloton room at headquarters  
• Company Events (Sports Games, Fitness Competitions, Birthday Celebrations, Contests, Happy Hours) 
• Annual company party 
• Employee Referral Program

Notice: Be Cautious of Employment Scams!

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of Interos. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that Interos will never ask for any personal account information, such as cell phone, credit card details or bank account numbers, during the recruitment process. Additionally, Interos will never send you a check for any equipment prior to employment.

All communication from our recruiters and hiring managers will come from official company email addresses (@interos.ai) or from Paycor (sometimes coming through as "Newton," a subsidiary). We will never ask for any payment, fees, or purchases to be made by the job seeker, and our interviews are conducted via phone calls and on-camera video meetings (not text-based messaging). If you are contacted by anyone claiming to represent Interos and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected].