Architect - Cloud Security Engineer
Hyderābād (Hyderābād)
Job description
Overview
The Cloud Security Specialist will be part of PepsiCo’s Cloud Acceleration and Value Office (CAVO) and will be driving Cloud security initiatives & improvements. This is a role to develop cloud security model to enable our digital transformation. This role will help to improve cloud security posture of Azure & AWS cloud for PepsiCo.
The candidate will focus on working with the various Product and Application Owners within the CIO teams to review security needs, understand assessment strategies and tooling, review various Cloud Security strategies, define requirements, build, test & implement Security reports & remediations, and pull data out of both Azure and AWS for KPI reporting.
As a Specialist, CAVO - Cloud Security will be responsible for shape and build the future of cloud security at PepsiCo. Towards that effort, this role will be accountable for the following:
· Responsible to design, implementation & maintenance of security solutions in cloud infrastructure (Azure & AWS).
· Drive the adoption of modern cloud-native security solutions; design and implement Authentication and Authorization policies and practices aligned with well Architected framework.
· Collaborate with senior members in Architecture, Engineering, and Cloud Operations to implement and adopt the modern security focused technologies and services.
Responsibilities
Responsibilities:
· Hands on experience on development and enhancement of security policies, standards, procedures, guidelines, and controls.
· Expert level knowledge of configuring logging ingestion from cloud platforms such as AWS and Azure to cloud based SIEM and orchestration tools.
· Good understanding of security tools and capabilities such as firewalls, threat prevention and detection, and application security principles, both cloud-platform native and third part
· Support incident response activities: partner with other teams as needed to resolve.
· Build periodic checks/audits to ensure state of security controls are in line with PepsiCo security policies, compliance requirements.
· Collaborate with security team to enhance logging, monitoring & detection capabilities of existing tooling, develop & test new use-cases.
· Assist with infrastructure and docker/container vulnerability management, periodic access reviews.
· Develop security focused metrics and reports demonstrating current risk state & organizational alignment with least privilege principle, secure configuration & consistent logging.
· Responsible for leading Cloud security Audits requirements.
· technical proficiency in configuring technical policies and security configurations.
Accountabilities:
· Work with cloud Architects, engineers & Directors to define and implement cloud security improvements.
· Able to work with Sr. Directors, Directors and similar Business and IT positions.
· Manages all aspects of cloud security projects including initiation, execution, and delivery.
· Manages multiple stakeholders across Engineering, Architecture, Operations, and Sector CIO teams.
· Manages multiple vendor relationships in the context of a security efforts.
· Review and assess cloud security approach, potential risks, mitigation, etc.
· Provides technical leadership and execute all cloud security projects.
· Define and follow the cloud security initiatives for PepsiCo Global cloud environment.
· Partner with Cloud Engineering, Cloud migration and other teams in executing security projects to ensure minimal risk and business disruption.
· Provide deep cloud security expertise covering infrastructure, application architectures, cloud capabilities, etc.
· Build and execute cloud security plans in collaboration with partners and other stakeholders and drive consensus on these plans.
· Take a broad view to identify potential risks that may impact overall cloud security posture and identify appropriate mitigating actions.
· Communicate cloud security program health to key stakeholders including senior leadership as needed.
· Execute & implement relevant cloud security KPIs to ensure overall program health.
· Partner with Service Providers and key stakeholders to provide visibility to the impact of a cloud security and streamline the cloud security remediation process reducing outage windows.
· Provide solid technological understanding of cloud infrastructures, capabilities, and security models.
· Understand and identify cloud native services that can be leveraged as the traditional on-premise model shifts to a cloud native service offering (and architecture and migration methods)
· Partner with Service Providers to ensure service levels, key performance indicators, and other migration metrics are met through regular reviews
· Partner with Architects, Compute and Network Engineers, Information Security, and other stakeholders to assist in the design, communication and implementation of Strategies, Technology Roadmaps, Standards, Processes and Services and validation of their cost-effectiveness
· Partner with Information Security and Global Controls organizations to ensure security, audit, SOX and compliance requirements.
· Provide current and future financial analysis for Cloud security and development of automation to drive greater Service Delivery maturity
· Generate appropriate communication, process, and educational plans for mitigating the disruption of change
Qualifications
Years of Experience
· Bachelor's degree or higher in computer science, engineering, or related field
· 10+ Years of overall experience in IT
· 7+ years of related IT business work experience
· 5 years of relevant experience in cloud infrastructure principles and methodologies
· 5 years of relevant experience with Infrastructure delivery and/or operations
· 2+ years of cloud migration experience including assessing migration methods and optimization of optimization of cloud cost (IaaS and PaaS)
· Preferred: 2 years of experience supporting application development and software engineering functions
Mandatory Technical Skills
· Experience working with Azure DevOps or similar tools for tracking, developing, deploying software
· Experience with Configuration, migration and deployment efforts related to Azure or AWS IaaS/PaaS Technologies
· Experience operating complex multi-datacenter, multi-cluster environment and a strong understanding of multi-tenancy and security
· Experience in hybrid multi-cloud environment – both IaaS and PaaS offerings
· A working understanding of code and script such as: Shell and PowerShell, Python and Perl
· Preferred: Solid understanding of networking concepts (BGP, DNS, Load Balancing, firewall and core Internet), including CDN
· At least 5-6 years of experience with cloud platforms such as Amazon AWS., Microsoft Azure.
· Hands on experience in automating Cloud Security Configurations, Monitoring and Compliance.
· A solid understanding of information security standards & Cloud Compliance requirements
· Experience implementing Azure & AWS security and hardening, especially in a large or complex environment.
· Hands-on security experience, with in-depth knowledge of security, scaling in the cloud.
· Hands on experience on cohesive and holistic security monitoring framework.
· Understanding of standards & compliances – CIS Benchmarks, ISO 27001, HIPAA, PCI/DSS, SOC (1,2,3)
· Hands-on experience with secrets management systems, including Azure Key Vault, Hashicorp Vault, etc.
Mandatory Non-Technical Skills
· Experience leading Agile and Hybrid development and deployment projects
· Agile or other project management certification is a plus
· Excellent communication and strong interpersonal skills
· Experience managing project financials for complex large projects, including plan to actuals analysis, plan updates.
· Solves highly complex, politically sensitive problems across teams
· Experience with managing a hybrid multi-cloud environment
· Strong analytical skills to support problem troubleshooting, resolution, and root cause determination to complex technology issues
· Ability to thrive in a fast pace and demanding work environment.
· Strong documentation skills and ability to explain complex technical concepts to non-technical personnel
· Good collaboration and partnership skills to foster key relationships with other technology, application and business teams
· Solid foundation in IT operational concepts and procedures
· Requisite skills to assist with influencing others in order gain consensus and alignment for key deliverables that span multiple teams and organizations
· Vendor management experience
· Proficiency managing multiple projects in the public cloud, e.g. Azure, AWS
· Understanding of infrastructure and cloud technologies, principles, and methodologies
· Experience with running programs and initiatives with remote teams in multiple locations
· Experience with project scheduling and project lifecycle best practices
· Define program level resource plans and effectively on-boarding resources to the program
· Cost modeling, program cost forecasting, & variance management
· Experience with managing project interdependencies and assessing implications for program based on the consideration of other projects
· Support identification and requirements gathering for new tools and services to enable cloud security.
Differentiating Competencies
· Adept at dealing with ambiguity and working in a matrix environment
· Ability to take ownership and drive cloud application migration projects independently
· Ability to work with virtual teams (remote work locations); lead team of technical resources (employees and contractors) based in multiple US locations and offshore
· Lead functional and technical discussions, driving clarity of complex issues/requirements to build robust solutions
· Ability to leverage partnership with Managed Service Providers to achieve business goals
· Ability to navigate complex IT landscape and still deliver results (working across teams such as Cloud Architecture and Engineering, Finance, Asset Management, Cloud Migration)
· years for migration, which will all need assessment completed, target architecture defined, migration method reviews and planned, etc.