Principal Cloud Security Engineer

Job Description:Principal Cloud Security Engineer - Container Platform SecurityThe RoleAs a Cloud Security Engineer, you will work within a diverse team comprised of passionate technologists who believe in the power of innovation and constant collaboration. We believe that small, empowered, self-motivated teams can achieve outstanding things. We are passionate about opensource contribution, sharing our expertise and knowledge with the engineering community while adopting a continuous learning approach supported by a dedicated learning day each week.The Platform Security Squad is seeking a highly technical, hands-on security engineer with experience on large-scale container platforms in production environments. This squad maintains the baseline security posture for Fidelity's container platform, spanning AWS, Azure and a multi-region private datacenter environment.

• Container runtime security and Cloud-Native Application Protection (CNAP)
• Container rehydration monitoring and vulnerability management
• Coordinate with Application Security teams to drive security tooling into the pipelines
• Support the audit compliance of supported platforms like API Gateway, Event Streaming etc
• Packaging and distribution of secure builds for virtual machines and base-containers
• Build and maintain automation that supports reliable pipeline deployed infrastructure

• 5+ years of experience in IT infrastructure, security, compliance
• A strong understanding of cloud service providers: AWS or Azure
• A strong understanding of cloud container platforms such as Kubernetes (AKS / EKS)
• Strong technical expertise with containerization, and container runtime environments
• Solid hands-on experience in production environments with at least one of the following:
  • Engineering/operational support of cloud security in AWS or Azure
  • Engineering/operational support for workloads in cloud container platforms such as Kubernetes (AKS / EKS)
  • Hands-on configuration of CI/CD pipeline security tools for cloud-native deployments
• Very strong with scripting languages, including integration with CSP APIs; python preferred
• Experience implementing infrastructure-as-code, pipelines and state management
• Experience with logging, monitoring, and alerting solutions
• Strong ability to work with YAML and JSON markup languages
• A strong understanding of various cloud service delivery models including IaaS, SaaS, and PaaS; automation; containers; virtual compute, storage, and networks; virtual infrastructure management; self-provisioning; and scaling
• Ability to work with application and security teams to promote a secure posture in the cloud
• You can mentor and train other team members to work effectively in the cloud
• You are a self-starter who can independently by reading technical documentation