Cloud Security Engineer

Krakow, Malopolskie, Poland
Full time
R25_0000008294

About GPC Global Technology Center

Established in 1928, Genuine Parts Company (GPC) is a leading global service organization specializing in the distribution of automotive and industrial replacement parts. GPC's commitment to innovation and technology is evident in the GPC Global Technology Center in Krakow, established in 2022. This center serves as a hub for research and development, supporting GPC's digital transformation efforts. The center's team of highly skilled IT engineers focuses on developing advanced technologies and solutions that enhance GPC's operations and growth. Their work spans across various areas, including e-commerce and data platforms, supply chain solutions, selling systems, and cyber security. Learn more at genpt.com.

Position Purpose

Cloud Security Engineer will develop, implement, and support a cloud security strategy and associated architecture across various cloud environments. This position will support the overall implementation of GPC's existing enterprise security cloud architecture and information assurance program, while working closely with staff to enhance and develop new designs, policies/standards, and security strategies across all types of cloud-based initiatives (including infrastructure, platform, software as a service, and application development). Cloud Security Engineer will also work with a team of engineers who will assist in executing GPC's cloud security strategy and conducting daily information security and assurance monitoring activities in the respective cloud environments.

Cloud Security Engineer will partner with GPC's Information Technology and Cybersecurity teams and its subsidiaries to ensure open lines of communication and clear understanding of security objectives are provided within each project. The successful candidate possesses excellent interpersonal and communication skills required for partnering with all stakeholders, while also possessing the requisite IT/cloud/security skills and experience. The successful candidate also will assist and advise GPC's Global Director of Cyber Defense when working on various cloud-based security initiatives and projects.

Responsibilities

Develop a multi-tiered security strategy for both individual public clouds and a multiple-cloud deploymentsCollaborate with GPC's Cloud infrastructure team to architect and implement new cloud-based environments to ensure that required security controls are implemented and working as intendedCreate a security policy and standard, along with defining the associated controls, to govern the adoption of containers and their associated workloadsWork closely with GPC's application development and application security teams to ensure that proper security controls are "baked in" to the cloud application development lifecycleDraft cloud-centric policies and strategies that set the tone for a global cloud security footprint spanning GPC and its international subsidiariesDevelop a plan for conducting regular audits of GPC cloud environments to determine their adherence to GPC security policies, standards, and best practicesThoroughly document processes and implementations (both operational and architectural) via technical documentation and run booksProvide input and feedback on cloud security architectures and best practicesRepresent the Security Program in the development and implementation of the overall enterprise cloud security architecture and planningWhite boarding of security architecture and implementation planning to stakeholdersDevelop daily cloud-monitoring processes/operations that focus on protecting IaaS, PaaS, SaaS services, and cloud-based applicationsDesign a strategy for identifying deviations from GPC security standards and best practices and collaborating with the GPC Cloud Operations team and stakeholders to remediate such issuesCoordinate w/ DevOps and DevSecOps teams to close configuration issues and harden cloud infrastructure services and/or applicationsAssist the GPC Global Incident Response team in developing cloud-based incident response processesDocument system configurations, standards, and procedures.
Requirements
3 - 5 years experience with Security Architecture and/or Engineering in cloud environments3 - 5 years experience with the major cloud service providers3 - 5 years experience architecting solutions within any/all the major cloud providers4-year degree or equivalent years' related work experience requiredCISSP and/or CCSP preferredPossess a firm understanding of the offerings and capabilities across multiple major cloud platformsPossess a solid understanding and have experience with systems automation platforms, Infrastructure as Code, container security, and other similar cloud-based technologiesExperience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes, including secure software development (Application Security), data protection, cryptography, key management, identity, and access management (IAM), network security within SaaS, IaaS, PaaS, and other cloud environments.Working knowledge of common and industry-standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.).Experience with deployment orchestration, automation, and security configuration management (Jenkins, GitLab, Puppet, Chef, CloudFormation, Terraform, Ansible) preferredExperience working with cloud security and governance tools, cloud access security brokers (CASBs), and server and/or application virtualization technologiesExperience and exposure to threat modeling and design reviews to assess security implications and requirements for introduction of new technologiesExperience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisionsExperience with enterprise architecture and working as part of a cross-functional team to implement solutionsStrong interpersonal and communication skills; ability to work in a team environmentAbility to work independently with minimal direction; self-starter/self-motivatedTechnical writing experienceData Loss Prevention, Archiving, eDiscovery, and Compliance experience is a plus
Not the right fit? Let us know you're interested in a future opportunity by joining our Talent Community on jobs.genpt.com or create an account to set up email alerts as new job postings become available that meet your interest!

GPC conducts its business without regard to sex, race, creed, color, religion, marital status, national origin, citizenship status, age, pregnancy, sexual orientation, gender identity or expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. GPC's policy is to recruit, hire, train, promote, assign, transfer and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons.

Where permitted by applicable law, successful applicants must be fully vaccinated against COVID-19 prior to start date. COVID-19 vaccination is a condition of employment, subject to an approved accommodation, and proof of vaccination will be required on or prior to start date.

GPC conducts its business without regard to sex, race, creed, color, religion, marital status, national origin, citizenship status, age, pregnancy, sexual orientation, gender identity or expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. GPC's policy is to recruit, hire, train, promote, assign, transfer and terminate employees based on their own ability, achievement, experience and conduct and other legitimate business reasons.

See Description

Equal employment opportunity, including veterans and individuals with disabilities.

PI265013324