Cloud Security Engineer
Overview As Discovery's portfolio continues to grow - around the world and across platforms - the Global Technology & Operations team is building media technology and IT systems that meet the world class standard for which Discovery is known. GT&O Implements and maintains the business systems and technology that are critical for delivering Discovery's products, while articulating the long-term technology strategy that will enable Discovery's growing pay-TV, digital terrestrial, free-to-air and online services to reach more audiences on more platforms. Within our Information Security team, there has never been a busier or more urgent time to obtain the best talent we can for a function so critical to Discovery. In light of the constant threats and attacks occurring in companies across the globe, and across all industries, the Information Security Team at Discovery is a growing group of cyber security professionals, that are using the latest tools and resources to protect the assets from our internal infrastructure to the shows we broadcast across the globe on Discovery Channel, Animal Planet, Discovery ID, TLC, EuroSport and more. From the US to Singapore, India to LA, we are tasked with protecting, training, and implementing the best of the best in tools, resources, monitoring, threat detection, and more. The Cloud Security team is looking for an experienced cloud and application security professional to help manage AWS & GCP WAF across our service portfolio. The Cloud Security Engineer for WAF will be responsible for deployment, troubleshooting, rule crafting, and acting as a subject matter expert (SME) to the broader team around all things WAF and DDOS mitigation. This role will entail automation and validation of configuration, helping to craft the WAF logging & observability strategy. Responsibilities Act as a WAF Subject Matter Expert for Infosec department Validating layer 3-7 protection coverage of our cloud perimeter Interfacing with AWS SRT for DDOS mitigation planning. Review cloud architecture and advise development teams on strong Network and Infrastructure Security Design principles and identification of issues prior to systems or features deployed. Provide guidance for security remediation to business and IT partners. Speaking the DevOps and product team's language by demonstrating real, practical risk and value. Develop cloud security solutions to meet incident response and participate in the security incident response process as a cloud SME. Mentor junior members of staff Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards and recommendations. Collaborate with senior management and department leaders to assess near- and long-term cloud security needs Staying current with the latest cloud threat mitigation tools and techniques Qualifications Strong understanding of layer-7 attack and defense techniques Understanding of defense against OWASP, DDOS, and other infrastructure threats from the edge. Prior use of AWS WAF Understanding of CDN, api management, and load balancing technologies Some Understanding of Cloud Provider managed Kubernetes networking Some Understanding of open and closed source threat intelligence sources. Strong understanding of cloud native networking concepts Understanding of cloud-based infrastructure components with specific understanding of the security risks presented in a decentralized and hybrid environment. Comfortable automating processes start to finish and can work closely with cloud solutions engineering and product teams to help integrate security into their existing processes. Proficient in at least one scripting language (python, Nodejs, Golang) Some Hands-on experience with some the following: Developing & Securing Serverless automation Security administration in AWS/GCP/Azure Infrastructure as code tools (Pulumi, Ansible, CloudFormation, Terraform) Command Line experience (Bash, Powershell, AWS-CLI) Network & Infrastructure engineering Excellent verbal and written communication skills with a strong attention to detail Remains productive while rapidly switching context Thirst for knowledge and constantly driven to stay current with evolving threat landscapes Must have the legal right to work in the United States Preferred Qualifications AWS Certifications - AWS Solutions Architect, AWS Security Specialty, AWS Network Speciality GCP Certifications - ACE, Other Security Product Engineering Certifications: Firewalls, WAF, Web Gateway/Proxy Solutions. Previous Experience with Akamai, Signal Sciences, etc.