Our Partners thrive The H-E-B Way. As a Cloud Security Architect, you would have a...
HEART FOR PEOPLE ... you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams
HEAD FOR BUSINESS ... you have an ownership mentality and a consistent track record of timely delivery of high-quality software
PASSION FOR RESULTS ... the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions
Cloud Security Architects create and drive the architecture and design patterns for H-E-B's cloud security architecture, for both hybrid and cloud-first models. Cloud Security Architects will perform analysis of existing cloud security and ancillary service configurations, design and create new or enhanced security improvements. Cloud Security Architects also provide consultative services and work with internal business team members and external vendors to collect requirements, design specifications, and create solutions that are aligned with H-E-B cloud security strategy.
ROLE

• Serves as a subject matter expert for cloud security, providing guidance on industry best practices and defense in-depth strategies for the security posture of H-E-B cloud-based digital platforms.
• Works with project teams to measure the testing and evaluation of new solutions ensuring satisfaction of H-E-B security requirements.
• Works with internal Information Systems teams to design security controls and improve cloud security infrastructure to support business/engineering needs.
• Creates best-of-class security architecture designs and patterns for H-E-B, using defensible industry reference architectures and standards.
• Works to measure and design tests of cloud configurations and infrastructure for vulnerabilities and security relevant defects.
• Works to ensure all cloud infrastructure designs and implementations follow security and compliance control requirements, and to resolve any configuration gaps or defects through collaboration with respective stakeholders.
• Designs, develops, documents, automates, and implements security infrastructure in code.
• Creates and maintains security architecture specifications and design documentation.
• Supports setting the strategic security direction and approach for utilizing cloud-relevant technologies.

REQUIRED

• Minimum of seven (7) years of experience with the design and implementation of complex solutions in medium to large enterprises.
• Minimum of five (5) years of experience building and integrating systems in public or hybrid cloud environments.
• Minimum of three (3) years of experience with information security.
• Working knowledge of Amazon Web Services, Azure and/or Google Cloud Platform.
• Working knowledge of Terraform, Cloud Formation, Azure ARM Template, Pulumi, and/or Ansible with demonstrable proficiency with at least one.
• Solid understanding of web applications, web servers, application firewalls, frameworks, and protocols with respect to web application development, deployment, and operation in the cloud.
• Proficiency with cloud resources such as virtual networking, access controls (security groups and ACLs), service endpoints, application and network load balancing, API gateways, service principals, functions/serverless, storage buckets, containers, block storage and file shares.
• Working knowledge of information security controls, guidelines and standards (e.g., ISO27000 series, OWASP, CSA CCM, CIS 20 Critical Security Controls, SOC 2, and NIST).
• Experience and at least basic understanding of privacy and data protection regulations (e.g., PCI DSS and HIPAA/HITECH).
• Proficiency with Python, Golang, JavaScript, PowerShell, Perl, or *nix Shell scripting.
• Proficiency with secrets management and vaulting technologies.
• Familiarity with Agile and other project methodologies.
• Ability to work well under pressure and have great organizational and interpersonal skills.

RECOMMENDED

• A Bachelor's degree in Computer Science or Software Engineering.
• One or more professional security certifications such as CISSP, CISA, CEH, GIAC; and cloud certifications from AWS, Azure and/or GCP.
• Experience with cloud security tools for discovery, compliance, and vulnerability detection.

*** Position locations open to San Antonio, Dallas, and Austin, TX areas
ISSEC3232