Sr. Cloud Security Engineer, Zoro
Company Summary:
Zoro offers millions and millions of products—an endless aisle with everything you need to run your business. We offer fast and free shipping, no-hassle returns, and exceptional customer service. We’ve grown quickly in a short time and are continuing to do so while aggressively growing our revenue. We are excited to be a part of an award-winning culture—we have been named a Great Place to Work for multiple years in a row, among other local and national accolades. We think Zoro is a pretty amazing place to work and grow, and think you will too!
Primary Function:
This individual will serve as a thought leader and security expert for Zoro and is responsible for evaluating, implementing, and managing security tools designed to protect, detect, and monitor the cloud infrastructure and SaaS applications Zoro utilizes. He or she will also be assessing, recommending, and designing security controls for existing systems and applications operating in our environment. As a Senior Cloud Security Engineer it will also be his or her responsibility to help promote positive change and build a security-aware technology culture within the DevSecOps and surrounding organizations.
Duties and Responsibilities:
- Design highly available, scalable, and resilient security solutions leveraging both cloud-agnostic and cloud-native tools within AWS and GCP
- Design and implement container security enhancements
- Design, implement, and monitor solutions for network and landing zone security, server and container image hardening, identity and access management (IAM), data security, patch management, application security, secrets management.
- Design and implement automated security processes and controls to increase operational effectiveness and to reduce manual processes.
- Lead collaborative design of solutions to meet remediation requirements from audits, security reviews, external regulatory changes, PEN Tests, PCI changes
- Lead automation efforts to minimize manual work, ensure compliance goals, and support continuous delivery frameworks and tools
- Assess and implement monitoring tools to support operational and security incident response processes
- Strengthen the data security approach by improving the preventative, detective, and corrective solutions
- Lead in the selection of security vendors and tools, and manage vendor relationships.
- Research, analyze and assess threats and risks
- Interface with teams throughout the organization with the objective of providing high quality and low friction, security operations services.
- Serve as the hands-on subject matter expert for security operations
- Provide guidance to technical teams on architectural, procedural, and security best practices
- Communicate security risks and mitigation plans to business partners
- Creating documentation for security tools and services
- Providing feedback on new and existing security policies
- Creating and maintaining security procedures
- Keeping abreast of security industry standards, technology changes, trends, and best practices
- Reviewing and approving security infrastructure change requests
- Mentor and train junior cloud security team members
Qualifications:
Education:
- Bachelor’s degree in Information Systems or related degree, or equivalent job experience.
Experience:
- 4+ years cloud infrastructure operations or information security risk compliance experience
- 4+ years of experience in cloud security engineering and operations
- Strong knowledge in AWS and/or GCP computing environment
- Web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten
- Direct working experience in designing and implementing solutions to enforce security frameworks such as NIST Cyber Security Framework, CIS Top 20, and ISO 27001
- Strong understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies
- Highly self-motivated
- Strong attention to detail
- Strong analytical and problem-solving skills
- Strong verbal and written communication skills
- Strong interpersonal and conflict management skills
Zoro Values and Inclusive Culture:
We share a commitment to our Zoro values: Win & Lose Together (We prefer winning!), Take Ownership, Be Transparent, and Aspire to Be Customer-Obsessed. We believe when we act in ways that are consistent with these values, we can solve any technical challenge that lies ahead of us. Everything we do at Zoro is centered around delighting our customers. It's a natural extension of our company culture and how we care for each other. As a Zoro employee, you can expect to work with smart, energetic people, learn something every day, and be valued for your perspective.
Zoro is dedicated to fostering an environment where people of all backgrounds and beliefs are represented, and all team members can be confident that their experiences and perspectives are valued. Zoro aims to empower all employees to learn about, raise awareness, and promote diversity and inclusion through all of our workplace interactions.
Zoro is an Equal Opportunity Workplace and an Affirmative Action Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.