Senior Security Engineer

World Fuel Services, is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.

This is a Security Engineer role within the Security Engineering team with no supervisor responsibility. This position has formal responsibility for the work products (timing, budget, quality, completeness) of their projects. The position provides guidance and technical/business expertise and adds measurable value through planning, coordination and/or communication. This position’s primary focus is providing Cloud Security Engineering for World Fuel Services extensive cloud environment and as needed provide support to external clients through our Kinect Consulting firm. These work responsibilities include:

• Independently contribute ideas and process improvements and look for creative solutions and better ways of doing things to continuously improve information security at WFS
• Make appropriate, timely and effective decisions that support the company and its business
• Act as security subject-matter-expert for Cloud Security by providing best practice guidance on how systems should be deployed or architected
• Ensure security is integrated into all cloud architecture solutions.
• Perform expert-level systems AWS development and design work that may include logical system design; I/O design; cloud architecture analysis and design; and systems engineering
• Provide hands-on technical design and implementation ensuring technologies are successfully incorporated into our environments
• Design and develop cloud-specific security policies, standards, and procedures
• Develop security technical roadmaps for future AWS cloud implementations
• As necessary perform or lead threat modeling exercises for cloud development
• Periodically perform risk and vulnerability assessments of cloud infrastructure to assess the information security risks to the Company. Recommend mitigating controls or procedures to eliminate or minimize identified risks
• Represent information security considerations in approved System Development Life Cycle, Change Management, Production Support, and technology-enabled projects
• Design and define AWS architecture for new secure cloud computing systems or existing
• systems migrating to cloud architectures
• Continuously identify, evaluate, rate, and report internal and external threats to the company’s information security posture. Evaluate, recommend, and implement reasonable security systems and/or procedures to mitigate identified threats
• Understand security trends and best practices within the industry and align them within company business directives
• Document all technical issues, analysis, client communication, and resolution.
• Prepare and publish Information Security reports as directed by management.

Requirements

The incumbent has in-depth knowledge and expert status in one or several key areas of expertise that is central to the company’s success. The position knows how their discipline interrelates with other parts of the company.

The following technical experience is strongly desired

• A practitioner of AWS Well-Architected Framework with emphasis on the ‘Security‘ pillar and AWS Security Reference Architecture (AWS SRA), knowledgeable and experienced with common Cloud reference architectures, security standards, best practices, control frameworks and an eye towards simplification
• Experience with Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
• Partner with engineering teams across the company to prioritize security issues identified during Security Due Diligence and Application Security Reviews.
• Provide expert advice and consultancy to customers on risk assessment, incident triage, threat modeling, and security vulnerability mitigation
• Dive deep with threat modeling and data flows to find underlying security issues
• Provide assistance with metrics delivery and improvements
• Strong documentation skills

The position requires the following management skills and experiences:

• Strong influencing skills
• Maturity, reliability, composure and stability under pressure
• Ability to adapt to new situations, people, ideas, procedures and to accommodate a constantly evolving work environment
• Strong communication skills and experience working with senior leadership: role must communicate effectively with Senior Executives in departments including Legal, Internal Audit and Human Resources, as well as M&A staff.
• Build successful relationships with customers, co-workers, internal audit and executive management
• Good listening skills and patience with others

The following credentials, licenses, and/or degrees are desired but not required if appropriate experience exists:

• AWS Certified Solutions Architect Professional
• AWS Security Specialty Certification
• Certified Cloud Security Professional (CCSP)
• Certified Cloud Security Knowledge (CCSK)
• B.S. in Computer Science, Cybersecurity, Management Information Systems, Engineering, or related technical field

Job ID : R13893