Job Description :
As a Senior Cloud Security Engineer, the candidate will protect the Company from internal and external security threats as it relates to cloud technologies. You will perform risk assessments and security reviews to identify and mitigate cloud security vulnerabilities. Additionally, you will design and support the security processes and technical configurations for cloud and cloud/hybrid platforms.


Outcomes and Activities: Information Security


Leads coordination with cross-functional application teams to define, estimate, and implement cloud security requirements for projects and system development.
Supports security configurations for cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, and containerization platforms such as Docker and VMWare.
Drives the technical cloud strategy of the Security team, including evaluating and adopting tools, technologies, and processes.
Performs periodic risk assessments for cloud platforms to identify, classify, and remediate threats and vulnerabilities.
Oversees third-party vendors to execute independent cloud security assessments.
Leads response for cloud security incidents, adhering to the established incident response process.
Oversees security awareness initiatives related to cloud and collaboration platforms.
Coordinates with Corporate Legal to ensure compliance with federal, state, and local regulations.
Supports more junior staff in the development of their skills.


Other

Serves as a 24/7 escalation point for the team.


Competencies: The following items detail how you will be successful in this role.



Ensures Accountability: Holds self and others accountable to meet commitments.
Manages Conflict: Handles conflict situations effectively, with a minimum of noise.
Develops Talent: Develops people to meet both their career goals and the organization's goals.
Drives Engagement: Creates a climate where people are motivated to do their best to help the organization achieve its objectives.
Drives Results: Consistently achieves results, even under tough circumstances.
Strategic Mindset: Sees ahead to future possibilities and translates them into breakthrough strategies.
Builds Effective Teams: Builds strong-identity teams that apply their diverse skills and perspectives to achieve common goals.
Business Domain: Understands Credit Acceptance’s business model, operations and business terminology.
Continuous Improvement/Innovation: Identifies, recommends and advocates for improvement opportunities for existing standards, policies and processes.
Value Assessment: Prioritizes and identifies more critical and less critical activities and tasks; adjusts priorities as appropriate.
Active Listening: Understands what is being said and the context in which it is being said.
Collaboration/Customer Focus: Treats everyone like a customer and collaborates with them to clarify and achieve objectives.
Verbal Communication: Speaks in a clear, concise, organized, and effective manner for the intended audience.
Written Communication: Writes in a clear, concise, organized, and effective manner for the intended audience.
Accountability/Ownership: Takes responsibility for delivering the work product.
Escalation: Recognizes areas of risk and escalates through the correct channels in a timely manner.
Time Management: Effectively manages time and resources to ensure that work is completed efficiently.
Critical Thinking: Understands complex information coming from different sources to evaluate, reconcile conflicts and determine the best possible outcomes.
Impact Analysis: Understands the rationale behind changes and how they impact the enterprise and/or applications and across the technical ecosystem.
Solution Design: Ability to translate high-level requirements to create and implement designs that are technically sound, maintainable, cost effective and meet the needs of the customer.
Technical Domain: Has understanding of the technical domain including application architecture, design and data.


Requirements:



Bachelor’s degree in Computer Science, Information Systems, or closely related field of study or equivalent experience
Minimum 5 years of experience in the Information Security field
Minimum 3 years of experience with Cloud platforms such as Amazon Web Services (AWS) or MS Azure
Experience architecting solutions within Amazon Web Services (AWS) or MS Azure
Experience performing design reviews to assess security implications and requirements for introduction of new technologies.
Familiarity with industry compliances such as SOX, GLBA, ISO 27002, or PCI-DSS


Preferred Experience:


AWS Certified Solutions Architect – Associate or Professional certification
Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc
Experience with service-oriented architecture for cloud-based services.
Experience working with cloud access security brokers (CASBs)