ZoomInfo is looking to hire an individual who will join the security team of a rapidly expanding organization with global locations. We are building out a new security focused DevSecOps extension.
A successful candidate will be responsible for security over the entire software development lifecycle: Coaching developers on security practices, tracking vulnerabilities found in code, working with developers firsthand in remediating them, and coordinating with DevOps on improvements to the SDLC to improve overall security posture, reduce time-to-remediation, etc. In addition, the candidate will be responsible for reviewing the cloud security infrastructure and security controls, running assessments using tools or scripts and auditing configuration, settings and design.
The candidate will be part of a larger global security team and work closely with individuals from all sectors of security, helping the team and expanding abilities and expertise.
The ideal candidate is an experienced information security cloud practitioner who is goal-oriented and strives to exceed expectations, with a proven track record of cloud security, SDLC security life cycle and related experience.
- Participate in larger security team and development life-cycle
- With DevOps, design and implement solutions that integrate security into the cloud and the CI/CD pipeline.
- Analyze, document and present solutions meeting our needs.
- Manage cloud-based security and compliance tools.
- Promote standards-based change and problem management.
- Keep management informed with precise, accurate information about security posture and events no surprises.
- Engage with internal and external parties to get and share information to improve processes and security posture.
- Investigate alerts, anomalies, errors, risks to identify threats, source, determine remediation, and recommend security improvements or actions.
- Supervise and guide efforts of other team members or groups.
- Communicate to security team leadership.
- Produce design documentation.
- Create, document and maintain formal processes to meet certification requirements.
- Work across business lines especially with DevOps on integration of products/services.
- Create management-friendly reporting from tools.
- Developing a secure SDLC with the development team.
- Experience with SAST and DAST tools.
- Working with our team and third parties on our bug-bounty program.
- Creating and implementing a formal Threat Risk Modeling program as an integral part of the SDLC.
- Ability to assess testing tools and work with DevOps to deploy the selected ones.
- Scripting and programming experience as needed.
- Create interfaces with existing tools such as SIEM and helpdesk.
- Configure tools to meet ongoing requirements for monitoring and compliance.
- Excellent verbal and written communication, report writing and presentation skills in English.
- Able to work independently but also as part of a team.
- Flexibility to change direction and manage conflicting demands and emergencies.
- Comfortable working in a fast-paced environment.
- Working in a structured and methodical way.
- Knowledge of networking cloud, cloud security, cloud services, IAM, containers, etc.
- Knowledge of networking, zones, cloud security and network security.
- Some experience with system hardening guidance and tools
- Must be highly motivated with the ability to self-start, prioritize, multi-task and work in a team setting.
- Google Certified Solutions Architect or equivalent experience.
- A degree in computer security, computer science or relevant hands on proven experience in cloud security and compliance.
- Recognized security certifications.
- 3-5 years of relevant experience.
- Solid knowledge and experience using cloud security and compliance products.
- Deep knowledge and experience with security assessment tools, cloud security architecture and supporting
- Experience with containerization technologies including Docker, and container orchestration systems like Kubernetes.
- Knowledge of networking, IAM, public cloud, enterprise logging, SIEM, API Management and containerization.
- Experience with Incident Response and deep analytical investigation as needed to understand a threat and address it.
- Experience establishing, formalizing the DevSecOps function.
- Experience scripting with Groovy, Java, Node.js, go, and other relevant tools.
- Proven ability to understand the company needs, building relationships and developing a positive dialogue
More Jobs From