Senior Cloud Operations Security Researcher
The Adobe Secure Software Engineering Team is looking for someone with extraordinary cloud operations security skills who is an expert in how to find, fix, and prevent vulnerabilities in our cloud infrastructure. The Adobe Secure Software Engineering Team is a dynamic, high-profile team involved in the development of every Adobe product, so this is a great opportunity to make a difference at a software company.
Lead operations security assessments including Detection and Response, Identity and Access Management, Network Security and Systems Security for Adobe’s cloud services.
Lead implementation of threat models, test plans, standards and procedures for Cloud Ops and DevOps teams.
Guide Cloud Ops and DevOps teams on adoption and execution of the Secure Product Life Cycle (SPLC) by defining security best practices and providing hands on training.
Find and fix security and privacy flaws across Adobe’s AWS and Azure cloud infrastructure.
Develop tools to automate security testing and enable efficient discovery and resolution of operations security problems.
Evaluate and recommend new and emerging security products and technologies
Respond to cloud operations security incidents
Communicate security information to users and customers through blogs, white papers, and/or conference presentations.
Maintain awareness of up-to-date threat and vulnerability profiles.
Conduct internal security training classes for management and engineering operations teams.
Develop and organize training manuals, multimedia visual aids, and other educational materials.
BS or MS in Computer Science, Engineering or a related discipline
8+ years of work experience focusing on operations and network security, or an equivalent combination of education and work experience
Deep knowledge of cloud computing stacks : SaaS, PaaS, IaaS
Advanced knowledge of public cloud services platforms including Amazon Web Services (AWS) and Microsoft Azure, with a security mindset, is critical to success in this role.
Thorough understanding of networking concepts and Internet protocols.
Solid background in Linux and Windows
Experience in automation (Chef, Puppet) and scripting skills (Bash, Perl, Python, Ruby, PHP)
Proactive, organized, analytical, detail oriented, and persistent.
Strong written and oral skills in English; (will occasionally interface with senior management)
The ideal candidate must be able to convey complex security issues and risks while maintaining a positive relationship with engineering teams
Minimal travel required
Nice to Have
Experience with SIEM products like Splunk ES
Knowledge of container solutions like Docker and orchestration frameworks like Apache Mesos, Google Kubernetes
Experience with regulatory compliance audits such as PCI DSS, SOC 2, and HIPAA