Senior Cloud Security Engineer


Media, PA Hybrid May 23

The Sr. Cloud Security Engineer is responsible for designing, developing, and implementing highly available, secure cloud environments utilizing automated configuration management (Infrastructure as Code) methodologies while maintaining compliance with Wawa’s Information Security policies and standards.

This role is responsible for designing stable and secure cloud infrastructure for applications and repeatable processes through secure automated provisioning, continuous delivery (CD), continuous integration (CI), proactive monitoring, and compliance. The engineer’s designs will incorporate security directly into CI/CD toolchains using a variety of tools, patterns and techniques. You’ll work within the Secure Development Operations Lifecycle, educating users on best practices and recommending solutions that support secure digital and cloud transformation technologies. Using your experience within the Secure DevOps Lifecycle, you’ll evangelize cybersecurity and demonstrate its proper use through secure pipeline development, cloud blueprint creation and modification, and integration/automation of cloud activities and functions to develop unique solutions.

Principal Duties:

  • Develop and document cloud, automation, and API security requirements.
  • Design and implement automated deployments of identity and access management, logging and monitoring, application security hardening, infrastructure hardening and security, configuration security, data protection, CI/CD, vulnerability analysis, code review, and compliance validation in a multi-cloud environment.  You will use your knowledge and expertise of cloud environments to execute proper DevSecOps in the cloud.
  • Develop and implement tooling to provide preventive, detective, and reactive security configuration validation and correction.
  • Build CI/CD pipelines using modern techniques to implement cloud security.
  • Conduct analysis, design, development, and continued evolution of modern software-defined infrastructure, application patterns, and technology solutions.
  • Create IT security architectural artifacts, provide architectural analysis of IT security features, and relate the existing system to future business requirements.
  • Analyze cloud architecture and application vulnerabilities using cloud security services and other tools.  Integrate security best practices into an enterprise environment using intelligence and threat-driven defense models.
  • Continuously evaluate the organization's existing cloud infrastructure security practices and help define, standardize and measure security-related activities, demonstrating concrete improvements to the information security program within the organization.
  • Design and write automated security tests and checks in CI/CD, integrating security into the application deployment pipeline.
  • Assist in the development of metrics to measure the effectiveness of the Wawa Information Security program as it relates to cloud infrastructure and secure automation.
  • Support cloud certification activities, system hardening, vulnerability testing and scanning.
  • Validate that information security requirements are built into architectures and new technology projects.
  • Work closely with development and infrastructure teams in an agile workflow to promote and mature DevSecOps methodologies.
  • Partner with infrastructure and automation teams to embed security best practice into the infrastructure as code development lifecycle and operational work processes.
  • Maintain and support internal networks between Information Security and Information Technology. Engage directly with peers as appropriate and necessary.

Essential Functions:

  • Expert knowledge and experience operating in cloud computing platforms.
  • Strong recognition of how work is done in DevSecOps with the ability to identify keys to success.
  • Ability to identify the security risks associated with DevSecOps, continuous delivery, automation, APIs, and cloud, and to address them via countermeasures.
  • Ability to work well individually as well as in a team environment.
  • Ability to conduct effective risk assessments and threat modeling in a rapidly changing environment.
  • Expert scripting/programming skills and experience (Python, PowerShell, JavaScript, CLI tools, etc.).
  • Expert knowledge and experience with DevSecOps toolchains (Git, CI/CD, code scanning, etc.).
  • Excellent written and verbal communication skills, interpersonal and collaborative skills.
  • Up-to-date knowledge of methodologies and trends in both information security and IT.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Must be a critical thinker, with strong problem-solving skills.
  • Ability to manage one or more projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Ability to lead medium internal security technology projects and security remediation projects with limited dependencies on external IT teams.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
  • Ability to be on a 24x7x365 on-call rotation.
  • Ability to lead, mentor and influence others.

Basic Requirements:

  • Minimum of 7 years’ experience in general IT.
  • Minimum 3 years’ experience in DevSecOps, automated deployments/IaC, and cloud.
  • Experience and understanding of large-scale infrastructure deployments in enterprise-wide environments.
  • Strong understanding of cloud and application security principles.
  • Experience deploying and managing cloud deployments preferably within AWS:
    • Cloud computing: AWS, DC/OS, Terraform, Kubernetes
    • Configuration Management
    • CI/CD: AWS Config, AWS CloudFormation, AWS Lambda, AWS CLI, AWS Inspector, Checkmarx, Jenkins, Maven, Artifactory, Git, SonarQube
    • Databases: MongoDB, MySQL, Cassandra, Redis, Oracle, OpenSearch
    • Programming: JavaScript, Go, Node.js, Java
    • Scripting languages: Shell, Ruby, Python
    • Systems: Linux/Unix administration, Networking fundamentals
    • Tools: EFK, Password Vault, Vulnerability Scanning, Static Code Analysis, RabbitMQ, NGINX
    • Comfortable with REST API security best practices and usage
    • Experience supporting application deployments as Docker images
    • Cloud encryption and key management
  • Experience supporting large cloud deployments using a multi-account organizational structure.
  • Familiarity with static and dynamic code analysis tools/frameworks.
  • Strong analytical and critical thinking skills.
  • Degree in technology-related field preferred, or equivalent work- or education-related experience.
  • General understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
  • AWS Professional Certification (Solution Architect, SysAdmin or Developer).
  • Professional security management certification such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacking (CEH), GIAC Information Security Professional (GISP), or other similar credentials.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, Critical Security Controls, and NIST 800-53 and Cybersecurity Framework.
  • Moderate knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.

Retirement & Stock Options Benefits
  • 401k with company contribution
  • Company Equity
  • Financial Planning Services
  • Access to Coaching (Health, Professional, Life)
  • Charitable Donation Matching Programs
  • Community Service Programs
  • Hybrid Work Options
  • Pet Insurance
  • Public Transportation Assistance
  • Relocation Assistance
  • Accessible Building
  • Accessible Devices
  • Accessible Work Environment
  • Job Modification
Perks & Discounts
  • Bring Your Own Device Reimbursement
  • Casual Dress
  • Cell Phone Reimbursement
  • Lunch Provided
  • Offsite Company Events
  • On Site Gym/Fitness
  • Special Discounts
Parental Benefits
  • Childcare Assistance Programs
  • Family Medical Leave
  • Nursing Room
  • Commitment to Work/Life Harmony
  • Flexible Work Schedule
  • Paid Holidays
  • Paid Sick Days
  • PTO
Health & Wellness
  • Dental Insurance
  • Employee Assistance Program (EAP)
  • FSA
  • Gym Reimbursement/Discounts
  • Health Insurance
  • HRA
  • HSA
  • Life Insurance
  • Long Term Disability
  • Mental Health Benefits
  • Onsite Gym
  • Short Term Disability
  • Vision Insurance
Professional Development
  • Employee Recognition Programs
  • Training & Development Budget
  • Tuition Reimbursement

What types of technologists are you looking to hire?

As we continue our digital transformation, we’re looking to hire an incredible team of technologists to build the back-end features and functionality of our platform, including:

  • Senior software engineers
  • Lead software engineers
  • Platform engineers
  • Platform architects
  • Security engineers
  • Risk and compliance
  • Forensic analysts
  • SCRUM masters

What is your tech stack?

We are always exploring new technology and languages to see how they can benefit our platform. Right now we’re working with AWS, Java, Kubernetes and Golang on the back-end and ReactJS on the front-end. It can surprise people who only think of Wawa as a convenience store, but we’re very passionate and proactive about using the latest technology to build our digital experiences. There’s a lot of room for our tech team to try new things and bring them to the table.

Tell us about what it's like to work at Wawa HQ.

Wawa is a people-first organization, which means we care about our people over everything else and treat them fairly. The culture is very supportive and collaborative — everyone works together. And, we really give you the opportunity to spread your wings. We have many people who have worked here for 15 to 40 years, which says a lot. You can go to the cafeteria and eat lunch next to the CEO. It’s the kind of place where everyone is happy to come to work on a Monday morning. And there’s coffee everywhere.

How does Wawa give back?

Wawa proudly gives back through The Wawa Foundation, a 501(c)(3) non-profit corporation focused on building stronger communities in three areas of health, hunger and everyday heroes. Since its inception in 2014, The Wawa Foundation has contributed more than $100 million to non-profit community organizations.

Wawa and The Wawa Foundation are proud to support seven National Partners with in-store customer fundraising campaigns and provide their associates with year-round volunteer and participation opportunities with waived registration and fundraising at community events such as JDRF One Walks, LLS Light the Night, Special Olympics Polar Plunges, among others. At Red Roof, our corporate campus, our associates support some mentoring programs directly, including a Big Brother, Big Sister program called Beyond School Walls that brings kids into HQ to get on-the-job mentorship in a real-world environment, as well as a partnership through Cristo Rey High School that also pairs high school students with job opportunities. Our Product Development team hosts Future Food Scientist workshops, giving middle schoolers from throughout our communities a closer look at careers in the food sciences.