Lead Application Security Cloud Engineer (virtual remote home office eligible) at Humana Studio_h
This role will serve as both engineering lead and product owner for our Multi-Cloud Secrets Management Platform.
In this role you will be on a team of security engineers performing triage, analysis, hunting bugs, driving DevSecOps adoption, driving secret management adoption, secret detection, delivering on our “everything is code” approach to product development.
We are looking for someone with at least 2 years of application security engineering and DevOps/DevSecOps experience. You are a great fit if the following are true:
• You love developers, and are passionate about customer experience.
• You love breaking and building, you can code and hack.
• Demonstrates building solutions with Terraform, Ansible, or other cloud native approaches.
• You can handle complicated bugs, security issues, and pipeline problems.
• You have a passion for protecting sensitive data and new ways of solving complex problems.
• Can demonstrate where you made a difference, solved problems and help make dev teams happy.
• Experience with Git, Gitflow. You don’t do anything without ‘git init’.
• Exposure to SAST, DAST, SCA, IAST tooling.
• Azure Devops or Github automation, or similar experience with CI/CD tooling.
• Know what the OWASP top 10 is, and understand defensive techniques.
• Architects, Junior Developers and Red Teamers don’t scare you.
• Serve as Product Owner and drive strategy for Hashicorp Vault and our Secrets Management platform. This includes story grooming, building pipelines, reviewing pull requests, growing talent and serving as secrets management evangelist.
• Contributes to inner source and demonstrates engineering community engagement.
• Contribute to and execute on our secure software development strategy for the enterprise.
• Execute on driving application security automation into teams across the enterprise
• Partner with our Security Automation Product Owner, Compliance and governance, platform teams and DevOps teams.
• Improve and expand application security quality across our entire portfolio of applications.
• Mentor others, you love to share and support, serve as expert for escalated analysis.
• At least 2 years+ of experience with Secure Engineering, including familiarity with the leading toolsets. Terraform, Ansible, Chef, Puppet, Hashicorp Vault, Nomad, Kubernetes, Cloud Foundry or similar experience.
• Experience with Docker, LXC, Microsoft Containers or other container models explicitly required.
• Strong engineering experience across a variety of technologies and languages.
• Proficient in both Linux and Windows environments.
• Excellent communication skills with the ability to influence others, can navigate complex organization structures and processes.
• Analytical and problem solving skills
• Must be passionate about contributing to an organization focused on continuously improving consumer experiences
• Must be passionate about developer experience, privacy, security, quality and product delivery
• Strong experience in establishing and rolling out DevOps or DevSecOps
• Cloud experience with two of the following Azure, GCP, AWS, Heroku – Azure/GCP Preferred.
• Experience with Hashicorp Vault, Consul and Terraform enterprise.
• Strong Experience with one of the following: C#, Java, Python, PowerShell.
• At least 1-2 years of experience working in a product team. You understand design, delivery, and ownership.
• Knowledge of common information security management frameworks, including but not limited to:
ISO 27001/27002, ITIL, COBIT, NIST, BSIMM.
• Professional certification, such as a Certified Information Systems Security Professional (CISSP), AZ-300, AZ-500, GCP Professional Cloud Architect or other similar credentials a plus but not required.