ABOUT THE OPPORTUNITY
Avaya is seeking an experienced security professional to join the Product Security Support Team-PSST/S&T Security Team reporting into the Avaya Cloud OPS Org.
To be successful in this role the candidate must have hands-on experience and a proven record of securing one or more of the cloud platforms: GCP, Azure and/or Data Center-Hosted Cloud Solutions. They must embrace continual learning, be willing to mentor and share their security knowledge with other team members, work on multiple projects simultaneously, effectively engage and consult with a diverse group of internal (e.g. Dev, Test, OPS, IT/Corporate Security, Professional Services, Product Management, Sales, etc.) and external (e.g. Avaya Customers, Business Partners, 3rd-party SaaS/OEM/Resellers, External Security Researchers, etc.) stakeholders, and establish oneself as a recognized thought leader among consulting engineers within the Avaya community.
*US CITIZENSHIP IS REQUIRED
*PHYSICAL LOCATIONS ARE IN IRVING, TX AND THORNTON, CO. VIRTUAL OFFICE IS ALSO AN OPTION
ABOUT THE RESPONSIBILITIES
• Internally focused Cloud Security Architecture & Consulting:
o Create/Contribute to the development of Avaya Common Security requirements for Cloud, Hybrid and Enterprise Applications based on industry standards, regulations, and security best practices. (e.g. PCI DSS, HIPAA, FedRAMP, STIGs, GDPR etc.)
o Architect/Design Common Security Frameworks for Cloud, Hybrid and Enterprise Applications (IAM, Containerization, Certificate Management etc.)
o Consult with Avaya Offer teams during the Avaya Product/Solution/Cloud Offer design and development process. Coverage areas can include: IAM, Infrastructure Hardening, Encryption & Ciphers, Certificate Management, APIs, Containerization, Web App/Services, GCP/Azure Cloud Security, Privacy Protection, Regulatory Compliance.
o Recommend and integrate cloud-native/SaaS security services, security automation, consult with teams in deploying best-in-class/Avaya S&T-required security tools, CI/CD, DevSecOps, and Industry best practices.
o Work with Cloud vendors and external security researchers to resolve security gaps in Avaya Cloud Offers.
o Review/Assess security hardening for Cloud, Hybrid and Enterprise Applications using standard security tools and methodologies. (e.g. Threat modeling, vulnerability assessments, penetration testing, etc.)
o Create security processes, policies, and support security vote-related efforts at Portfolio Management Team reviews.
Additional PSST/S&T Security Team Skillsets/Roles (i.e. candidate has the opportunity to collaborate with PSST/S&T Security Team members on the following):
• PSST/Avaya Security Consulting, Hardening and Penetration Test capabilities involving Avaya’s GCP and/or Azure Cloud-based Offers:
o Ethical hacking/penetration testing and proof of concept exploits against Avaya Cloud Offers (GCP, Azure and Data Center-Hosted; Staging and Production environments), ensuring the security posture of Avaya’s Cloud Offers, and providing evidence in support of compliance/AOC engagements (e.g. PCI DSS, HIPAA, HITRUST, FedRAMP, etc.)
o Security consulting targeted towards defending against cybersecurity attacks of Avaya Cloud Offers (e.g. Development, Test, Staging and Production environments). Role includes consulting coverage for infrastructure protection, security-related forensics, incident response, damage control and operational security.
• Vulnerability Threat Management (VTM):
o Oversight of Avaya’s VTM policies, system/database, interact with product teams towards tracking/resolving product vulnerabilities, and creation of Avaya Security Advisories-ASA’s (posted at https://support.avaya.com/security)
o Serve as a member of Avaya’s CVE Numbering Authority-CNA and manage the firstname.lastname@example.org mailbox which serves as a primary point of contact for external security researchers. Interface with Avaya product teams, Legal, PR/Communications, upper management, etc. as required.
• Security-related Support:
o Consult with product teams in support of Development/Tier 4-owned security escalations/tickets.
o Active membership in Avaya’s Solutions Architecture/SOLSARCH, Security Council, Cybersecurity VT, and Avaya’s Incident Response Teams.
o Serve as Security Consultant / Subject Matter Expert in partnering with Pre-Sales/Sales, Professional Services, and associated Delivery teams across Avaya to address customer Security concerns.
ABOUT THE REQUIREMENTS
• 10+ years of security experience with 2 years of hands-on experience and a proven record of architecting and designing secure (one or more) GCP, Azure-Hosted Cloud Solutions
• At least 5 years of hands-on experience and a proven record of securing large enterprise-based applications.
• At least 2 years of Cloud Offer penetration test, security consulting, assessment, hardening, compliance, and operational security support
• Experience collaborating with auditors on compliance engagements e.g. PCI DSS, HIPAA, HITRUST, FedRAMP Attestation of Compliance-AOCs
SKILLS & COMPETENCIES:
• Ability to architect common security frameworks based on industry standards and best practices
• IaaS/PaaS/SaaS experience securing GCP, Azure and/or hybrid-based Cloud Solutions
• Knowledge of industry security standards (CIS Benchmarks, PCI DSS standards, STIGs, GDPR etc.)
• Experience with security penetration testing and associated open-source and commercial security tools (e.g. Qualys, Automated and Manual Web App scanners and proxies, API/protocol fuzzers, container and database scanners, Metasploit, Cloud-native security tools, etc.)
• Ability to create customized scripts (e.g. via Python, Perl, Ruby) and Proof of Concept exploits is desirable
• High-tech product software/firmware support experience. In-depth problem-solving skills with demonstrated ability to isolate problems to specific software/firmware components
• Demonstrated teamwork experience and desire to work in a fast-paced security consulting role.
• Excellent oral and written communication skills are needed to provide detailed technical analysis tailored to Avaya-internal as well as external customers.
• Full time, globally dispersed team can require early morning (MST) calls, little to no travel required.
• B.S., B.E., or B.Tech degree in Computer Science, Computer Networking, or related discipline
• M.S., M.E., M.Tech, or MCA degree or equivalent experience is desirable.
• Relevant certifications are desirable (e.g. AZ-900, AZ-500, Google Professional Cloud Security Engineer / Architect, GIAC GWAPT, GCIH, GCSA, CISSP, CISA, CEH, OSCP, etc.)
COMPENSATION – SECTION PERTAINS TO COLORADO APPLICANTS ONLY
(Colorado only*) Minimum salary of $125,100 + bonus + benefits.
• Note: Disclosure as required by sb19-085 (8-5-20) of the minimum salary compensation for this role when being hired into our offices in Colorado.
Explore our current opportunities @ https://www.avaya.com/en/about-avaya/careers/welcome/
Follow #AVAYALIFE & visit our ‘Life Page’ on LinkedIn
Nearest Major Market: Denver
- Salary Offer $125,100/yr
- Address Thornton, CO, USA
- Experience Level Senior
- Total Years Experience 10-20