Description
Job Description Summary
The Cybersecurity Engineer provides design and engineering expertise for the Cybersecurity organization to application support teams delivering external and internal services. A successful candidate can bring their expertise in Kubernetes, containers, and DevOps practices to our Cybersecurity team. If you're passionate about securing cloud-native applications and infrastructure, this role is for you! The Cybersecurity Engineer is responsible for providing diverse solutions preventing attacks ranging from brute force exploitation to sophisticated lateral movement that are in alignment with overall business and cybersecurity objectives.
Even if you don't have direct cybersecurity experience, we're interested in talking to you if you have a strong background in Kubernetes, container orchestration, and DevOps principles. We'll provide you with the training and support to apply your skills to securing our applications and APIs against various threats. In other words, this is a great opportunity to transition into Cybersecurity!
The position is a member of a collaborative agile team that is motivated and self-organizing. Team members are focused on providing similar cybersecurity capabilities that are high-quality, easily consumable, and optimized to provide security mitigation value. The team is empowered to make decisions on how the capabilities are delivered, operated, and improved.
Key Responsibilities
- Provide excellent customer service for internal and external customers in support of security initiatives, incident response, and operational support.
- Develop, maintain, and automate application protection technologies throughout Huntington's enterprise environment.
- Provide subject matter expertise to the Cybersecurity Operations Center that is monitoring and responding to alerts and incidents.
- Demonstrate flexibility and resiliency responding to dynamic or ambiguous situations.
- Stay current on industry trends, evolving application protections, cloud provider capabilities, and the ever-increasing threat landscape.
- Perform implementation of CNAPP tools in multi-account AWS, Azure, and OpenShift environments.
- Develop Infrastructure as Code (IaC) using Terraform and integrate security scanning into CI/CD pipelines.
- Develop custom control checks within CNAPP Platforms using JSON, REGO, or Terraform.
- Collaborate with DevOps and application development teams to build secure enterprise applications.
- Troubleshoot and maintain the security of our Kubernetes clusters and container environments.
Basic Qualifications:
- 5 Years of any of the below basic qualifications experience combined:
- 3+ years of experience working with Kubernetes and container orchestration platforms.
- 3+ years of experience managing the security of pods/containers and images.
- 3+ years of experience deploying code using Terraform.
- 3+ years of experience with container orchestration networking.
- 3+ years of experience integrating and managing security platforms in corporate environments or developing secure enterprise business applications.
- 3+ years of experience with at least one high level programming language (e.g., Python, Go, Java, JavaScript, etc.).
- 3+ years of experience integrating security tools into CI/CD pipelines and collaborating with DevOps and application development teams.
- A Bachelor’s degree or equivalent work experience.
Preferred Qualifications:
- Hands-on experience building security into various products, infrastructure, or platforms or experience with DevSecOps.
- Extensive experience operating a Cloud Workload Protection platform such as Aqua Security (preferred), Palo Alto Prisma Cloud, Lacework, Dome9, Snyk, Wiz.io, or Orca.
- Knowledge in understanding various domains such as security architecture, system and network security, authentication and authorization protocols, cryptography, and application security.
- Cloud Security certifications are preferred.
- Experience securing public, b2c, b2b, and internal APIs.
- Experience automating the provisioning and verification of on-premises and cloud security services.
- Advanced level knowledge of operating systems (e.g., Windows, Linux, & Unix).
- Experience working in an agile work team.
- Thrives in fast pace and dynamic environments.
- Energized by mitigating sophisticated threats targeting enterprises and customers.
- 3+ years of experience working with security by design principles, architecture level concepts, security frameworks (NIST and PCI), OWASP, etc.
- 5+ years of experience in a role that requires written and verbal communication with customers.