Associate Director, Cloud Security Engineering

About the job

Role Summary

The Associate Director of Cloud Security Engineering will lead the Cloud Security Engineering Team and work closely with our partners in Cloud Operations to define and enforce what secure looks like in the cloud. They should be an engineer with the desire to lead people and build a new engineering capability within Best Buy. The Cloud Security Engineering team will be converting security assessment and security research output into defined, auditable policy, working to integrate security into a variety of infrastructure as code systems and CI/CD pipelines. The Associate Director role is expected to be a hands-on engineer while leading a two-person team of engineers with high team growth potential.

This role is part of Best Buys Enterprise Risk and Compliance (ERC) Organization and is a highly collaborative role with our Digital and Technology engineering & cloud operations teams. They will act as a subject matter expert in Best Buy’s cloud environments to support other functions within the broader ERC Organization such as incident response, forensics, attack surface management and compliance.

Key Responsibilities

• Team and capability leader for Cloud Security Engineering
• Be a leader and mentor to a direct reporting team of (1) Engineer and (1) Associate Engineer
• Advocate for team and talent growth: defining roles, interviewing for positions, mentoring new employees, and developing training curriculums
• Foster an environment of inclusion and diversity where team members and colleagues can bring their full experience and ideas forward
• Define desired outcomes for improving security in Best Buy’s cloud environments
• Serve as a Cloud Security subject matter expert for Best Buys Enterprise Risk and Compliance (ERC) Organization
• Perform security penetration testing and security research on cloud infrastructure, CSP managed service offerings and containerized environments
• Develop and maintain the methodology for performing Security Assessments against Cloud Native Infrastructure and Applications in all three major Clouds
• Define cloud security engineering desired outcomes and measurable key results every 3 months
• Define and advocate for what ‘good’ looks like in all three major clouds
• Translate defined ‘good’ configuration standards into policy as code
• Leverage automation to enforce security policy in the cloud
• Devise creative and pragmatic methods of mitigating security risks
• Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations.

Basic Qualifications:

• 7+ years of work experience in cloud engineering, cloud security engineering, and/or penetration testing cloud environments
• 4+ years of work experience leading / mentoring technical teams
• Strong understanding of cloud and cloud-native technology with specific understanding of how security risks manifest in these environments

Preferred Qualifications:

• Knowledgeable in tools and techniques used by attackers to gain unauthorized access to systems
• An understanding on how application-layer vulnerabilities affect cloud infrastructure
• Comfortable automating processes start to finish and can work closely with cloud operations teams to help integrate security into their existing processes
• Be forward thinking about new processes that embeds and enforces secure configurations
• An understanding on how application-layer vulnerabilities affect cloud infrastructure
• Experience using a scripting language to build security tools
• Hands-on experience with some of the following technology:
  • CI/CD and DevOps Tooling
  • Cloud native security tools (GCP Security Command Center, Azure Security Center, AWS Guard Duty)
  • Docker and Kubernetes
  • Command Line experience (Bash, Powershell, AWS-CLI)
  • Industry relevant certifications or trainings
  • Previous Experience with Cloud Security Posture Management Tools