Senior Cloud Security Engineer, Zoro
Company Summary:
Zoro.com is an eCommerce company that sells business supplies, equipment, and tools—but we’re much more than just a website. We’re a team of people who win and lose together (we prefer winning!). Since 2011, Zoro has been working hard to make it easy for our customers to purchase everything they need to make their businesses go. Zoro currently offers 3 million products, fast and free shipping, no-hassle returns, and exceptional customer service. We’ve grown quickly in a short time, recently surpassing 400 team members and reaching annual revenue of over $500 million. Add to that our award-winning culture—we were named a Great Place to Work for 2019-20, among other accolades—and we think Zoro is a pretty amazing place to work and grow.
Primary Function:
This individual will serve as a thought leader and security expert for Zoro and is responsible for evaluating, implementing, and managing security tools designed to protect, detect, and monitor the cloud infrastructure and SaaS applications Zoro utilizes. He or she will also be assessing, recommending, and designing security controls for existing systems and applications operating in our environment.
Duties and Responsibilities:
- Designing and developing security solutions to protect Zoro’s cloud infrastructure and overall computing environment that involves various cloud-based applications and services
- Managing projects to implement security functions/tools
- Creating documentation for security tools and services
- Providing feedback on new and existing security policies
- Creating and maintaining security procedures
- Keeping abreast of security industry standards, technology changes, trends, and best practices
- Reviewing and approving security infrastructure change requests
- Assisting in designing solutions to meet remediation requirements from audits, security reviews, external regulatory changes, PEN Tests, PCI changes
- Acting as the point of contact with the SOC (operated and managed by Zoro’s parent company – Grainger)
- Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
- Lead in the selection of vendors, devices, and tools and manage vendor relationship
- Mentor and train junior security team members
- Assist with security incidents that Zoro may face in alignment with our response processes
- Partner and execute changes in information security based on results from analysis received from internal/external and other functions as deemed appropriate
- Provide subject matter expertise for architecture, planning and roadmaps
Qualifications:
- Bachelor’s degree in Information Systems or related degree, or equivalent job experience
- 3+ years cloud infrastructure operations or information security risk compliance experience
- 3+ years of experience in cloud security engineering and operations
- Strong knowledge in AWS and/or GCP computing environment
- Web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten
- Practical knowledge and/or implementation experience in security frameworks such as NIST Cyber Security Framework, CIS Top 20, and ISO 27001
- Understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies
- Highly self-motivated
- Strong attention to detail
- Strong analytical and problem-solving skills
- Strong verbal and written communication skills
- Strong interpersonal and conflict management skills
Final note: We share a commitment to our Zoro values – Win & Lose Together (We prefer winning!), Take Ownership, We Are Transparent, and Aspire to be Customer-Obsessed. Everything we do at Zoro is centered around delighting our customers. It's a natural extension of our company culture and how we care for each other. We believe when we act in ways that are consistent with these values, we can solve any technical challenge that lies ahead of us. As a Zoro employee, you can expect to work with smart, energetic people, learn something every day, and be valued for your perspective.
Zoro is an Equal Opportunity Workplace and an Affirmative Action Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.