Cloud Security Engineer

About the Position

Blackstone’s Application Security (AppSec) Team is responsible for empowering 250+ builders to set and meet security goals by identifying and managing software risks while balancing security with agility.

You will join an ambitious and talented team of security engineers that are responsible for evolving how Blackstone “does security” as it continues to move to modern and next-generation architectures.

The AppSec team partners with Developers to build secure services, and with Engineers to build security into foundational platforms that developers build on. Together, we also empower members of the broader Cybersecurity team to take on their responsibilities within these new patterns.

Responsibilities

• Assess the risk of infrastructure, orchestration, and deployment systems built on cloud platforms through threat modeling, building attack trees, and occasionally penetration testing
• Communicate cloud platform vulnerabilities and mitigation options to stakeholders that balance business agility with security
• Partner with Engineering and DevOps teams to set security objectives in their roadmaps and design
• Lead and support the integration of vendor and/or custom-built security controls into foundational platforms
• Build efficient, resilient, and well-documented systems so the team can focus on the next challenge instead of operational overhead
• Establish policies & standards that guide builders to meet security requirements

Qualifications

• B.S. in Computer Science, Cybersecurity, Management Information Systems, Engineering, or related technology field
• 3-5 years of experience in Cybersecurity
• Developing in at least one software language, ideally Python but others are okay
• Experience with essential AWS services such as IAM, CloudTrail, EC2, S3, DynamoDB, Lambda, Config, and GuardDuty
• Creating and managing security controls within an AWS Organization with many Accounts
• Experience with essential Kubernetes services such as Pods, Services, Ingress, ConfigMaps, and access controls
• Creating and managing Kubernetes security controls that prevent and detect control plan and/or application compromise
• Building with HashiCorp Terraform, especially creating modules for others to use
• Using and securing HashiCorp Terraform Enterprise and creating Sentinel policies
• Using and securing HashiCorp Vault Enterprise or another enterprise secrets storage solution
• Using and implementing Application security tooling such as static analysis (SAST, dynamic analysis (DAST), software component analysis tools (SCA), and/or web application firewalls (WAF)
• Using and augmenting CI/CD tools and concepts to embed security into DevOps pipelines (DevSecOps)
• Has managed their work using agile methodologies including sprints and story estimation
• Has a passion for excellence and growth – challenges the current state with opinions grounded in principles and experience, not just best practices
• Able to take-on challenges and propose solutions with minimal guidance