Title: Senior Manager of Cloud Security
Salary Conversion: 165k max
Location: Englewood, Colorado 80112
As a Senior Manager of Cloud Security, you will ensure uptime and availability of critical application and infrastructure architectures. Your goal is to maintain operational readiness, stability, and to drive continuous improvement efforts. You will work with traditional infrastructure teams, application development teams, and cloud & platform engineering teams. You will collaborate with other IT teams working within our data centers and across multiple AWS accounts and Cloud providers to implement a vision for world-class service and availability.
The leader of this team must work closely with peers, and build excellent working relationships with senior leaders across the company. The ideal candidate has a proven track record of building dynamic teams, is a creative thinker, problem solver, teacher, learner, and a fantastic leader of people. The leader of this organization will build a team of subject matter experts who will need to have a robust mix of both technical knowledge of the systems and technologies that support our platforms, and a deep focus on customer experience. This leader must also have demonstrated excellence in Incident Management and Problem Management.
- Develops a strong team, able to perform effective Incident Management from incident start through resolution, partnering with Development and Deployment to determine root causes, and driving rigorous Problem Management to follow through on actions
- Challenges existing methods and drives new paradigms
- Provides both strategic leadership for the organization, and hands-on tactical daily leadership
- Develops strong working partnerships built on responsiveness and mutual accountability, with leaders inside and outside of the organization
- Sets monthly/quarterly goals and objectives and ensures resources are efficiently aligned to organizational goals and objectives
- Provide cloud practice adoption, technology expertise, and process optimization blueprints for enterprise initiatives.
- Provide leadership for the adoption of a NIST based risk management program to include knowledge and experience with the NIST 800 series standards
- Manage a team of cybersecurity engineers to include hiring, performance management, and team building
- Establish consistent industry standard processes, standards and guidelines for the Risk and Design, programs
- Establish enterprise class KPI tracking and management to ensure consistent actionable reporting to all levels of the organization
- Drive expansion and advancement of the program to ensure comprehensive identification of risk across all business units
- Work with management to develop long term strategy, annual plan and tactical plan for the risk and design program
- Exhibit exception written and verbal communication skills
Successful candidate must be willing to relocate & work onsite
- Bachelor’s Degree in Information Systems Security, Cybersecurity, Business or related field and/or equivalent work experience
- Minimum of ten (12) years of technology / engineering work experience
- Minimum of five (8) years management and supervisory experience
- Minimum of five (5) years of experience with Cloud Infrastructure and Security
- Minimum of five (5) years’ experience in security operations, vulnerability management, or cyber security risk management
Additional Job Qualifications:
- Exposure to a broad range of department and/or system analysis
- Ability to manage individuals and teams while managing the daily operations of the department
- Maintains knowledge to ensure compliance with Network Operations standards, policies and procedures.
- Expert-level understanding of risk assessment and management, vulnerability management, compliance, SDLC, application assessment, static code analysis, and penetration testing knowledge.
- Ability to perform duties in a very fast pace environment and ability to learn new technology quickly
- Ability to read, write and speak the English language to communicate with employees, customers, suppliers, in person, on the phone, and by written communications in a clear, straight-forward, and professional manner
- Skilled at working in a team environment and in cross functional team situations
- Should be able to be available on call
- Must be willing to work flexible schedules including evenings, weekends and holidays
- Experience with implementation of enterprise security solutions such as threat detection and hunting, malware intelligence, cloud security, posture management, or identity and access management systems.
- Experience assessing and mitigating risks related to public cloud deployment (e.g. AWS, GCP) including vulnerability scanning, baseline monitoring, backdoor monitoring, backdoor alerting, and reverse shell detecting.
- Experience with data privacy, security systems, and related protocols.
- Enterprise IT security risk assessments and related frameworks (e.g., ISO 27000 series, NIST 800 Series, COBIT, IT General Controls, etc.)
- Strong Product and solution knowledge of market trends in the cybersecurity industry (e.g., ransomware, attack frameworks, zero trust, etc).
- Understanding of networking concepts on Cloud such as VPCs, DNS PrivateZone, SLB, CDN, security group equivalents.
- Understanding of container technology (Kubernetes etc.) security such as container escape, malicious image, master/node security baseline.
- Experience implementing cloud native security controls using IAM, Config, Security Center, ActionTrail, CloudMonitor, KMS, WAF.
- Experience with security orchestration, automation and response tools, and very good understanding of vulnerability scanning tools.
- Implemented and managed DevSecOps capabilities in Cloud Environment.
- Proficiency in one of the following languages: Java, Python, Go.
- Passion for high-quality code, tests, CI/CD, documentation, production services and driving improvements in code quality, performance.
- Cloud or Security industry certifications.
- Office Environment
- Occasional travel as required