Address
Form of workJob Description
Jefferies is seeking a Sr. Cloud Security Engineer to join as a Vice President in the Information Security team with accountability for researching, designing, engineering, implementing, and supporting Cloud Security solutions. The Cloud Security Engineer will be a hands-on engineering position that requires a high degree of technical expertise to directly interact with other engineering and application development teams to drive alignment on security requirements, influence decision makers, build relationships, and communicate strategy and architecture to the broader internal community while protecting the company's assets.
The candidate must be highly technical and adaptable to the rapid pace of financial services development and delivery. Candidate needs to be an excellent team player with good overall technical and communication skills and above all be self-motivated and drive the overall progress of Cloud Security at Jefferies.
We look to hire people who are comfortable in working with minimal supervision as part of a team that has consistently delivers ground-breaking and innovative solutions in one of the most exciting and fast-moving areas of the financial markets vertical. We need people who can prioritize and effectively communicate complex issues.
The candidate will have the following responsibilities:
- Key player for Cloud Security strategy, design, implementation across IaaS, PaaS, SaaS and FaaS
- Establish and manage technical governance processes for cloud services.
- Assist with conducting third party vendor review and analysis
- Drive overall strategy and implementation of security processes, procedure, governance through a combination of preventive and reactive controls and policies in a multi-cloud environment
- Work closely with application teams, Cloud Engineering and other infrastructure teams to support and implement security at every level of Cloud
- Define the preventative and detective guardrails for all IaaS, PaaS, SaaS, and FaaS environments; including shift-left
- Define the architecture for repeatability within IaC
- Establish the cost-effective use of tools and automation within the cloud environments
- Establish and maintain vendor relationships
Skills
- Experience collaborating with Infrastructure and Application teams
- Basic understanding of servers, network, storage, and databases
- Deep knowledge of core services from AWS and Azure
- Experience securing AWS, Azure and SaaS services in a highly regulated environment
- Proficiency in writing and reviewing Infrastructure as Code including CloudFormation and Terraform
- Familiarity with NIST CSF and Cloud Security Alliance CCM frameworks
- Experience managing and supporting critical Developer infrastructure and secure SDLC
- Understanding of Application Security principles, SAST, DAST and web application vulnerabilities such as OWASP Top 10, their risk and remediations
- Ability to identify and communicate risks and remediation to senior management and application teams
- Manage multiple projects simultaneously and can adapt to changing business needs
- Work well with cross functional global and remote teams
- Self-disciplined, self-starter who can provide leadership and mentor others while resolving complex incidents and delivering projects
- Ability to analyze complex problems, propose effective solutions and understand and apply business vision and direction
- Establish and maintain the Jefferies zone of trust
- Knowledge of cloud services secure connectivity techniques and services
Desired
- CISSP, CCSP, CCSK, AWS/Azure Security or additional certifications
- Experience with Cloud-native security services and tools, Cloud Security Posture Management (CSPM), serverless and container security
- Experience with SAST and DAST tools
- Experience with using Atlassian DevOps tools including, Jira, Bitbucket and Bamboo
- Experience implementing, securing, and managing containerized and Kubernetes workloads
- Experience managing a geographically diverse team
- Skills: Python, PowerShell, and REST
- Understanding of Application Security principles, SAST, DAST and web application vulnerabilities such as OWASP Top 10, their risk and remediations
The salary range for this role is $140,000-$210,000.
Jefferies Financial Group Inc. (''Jefferies,'' ''we,'' ''us'' or ''our'') is a U.S.-headquartered global full service, integrated investment banking and securities firm. Our largest subsidiary, Jefferies LLC, a U.S. broker-dealer, was founded in the U.S. in 1962 and our first international operating subsidiary, Jefferies International Limited, a U.K. broker-dealer, was established in the U.K. in 1986. Our strategy focuses on continuing to build out our investment banking effort, enhancing our capital markets businesses and further developing our Leucadia Asset Management alternative asset management platform. We offer deep sector expertise across a full range of products and services in investment banking, equities, fixed income, asset and wealth management in the Americas, Europe and the Middle East and Asia.
At Jefferies, we believe that diversity fosters creativity, innovation and thought leadership through the infusion of new ideas and perspectives. We have made a commitment to building a culture that provides opportunities for all employees regardless of our differences and supports a workforce that is reflective of the communities where we work and live. As a result, we are able to pool our collective insights and intelligence to provide fresh and innovative thinking for our clients.
Jefferies is an equal employment opportunity employer, and takes affirmative action to ensure that all qualified applicants will receive consideration for employment without regard to race, creed, color, national origin, ancestry, religion, gender, pregnancy, age, physical or mental disability, marital status, sexual orientation, gender identity or expression, veteran or military status, genetic information, reproductive health decisions, or any other factor protected by applicable law. We are committed to hiring the most qualified applicants and complying with all federal, state, and local equal employment opportunity laws. As part of this commitment, Jefferies will extend reasonable accommodations to individuals with disabilities, as required by applicable law.
All employees must follow Jefferies' COVID-19 protocol policy, which is subject to change.
