A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.
You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio including Software and Red Hat.
Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role you'll be encouraged to challenge the norm investigate ideas outside of your role and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment
We are looking for a skilled Cloud Security Engineer to serve as our subject matter expert for Palo Alto Prisma Cloud. You will be the primary owner responsible for designing implementing assessing and managing cloud security strategy using the Prisma platform to protect multi-cloud environments. Your expertise will be critical in ensuring continuous compliance automating security controls and preventing cloud-native threats.
This is a strategic hands-on role that bridges the gap between the security team and cloud engineering requiring a good understanding of both cloud architecture and security principles.
Key Responsibilities
Prisma Cloud Strategy & Architecture:
- Serve as the technical owner and SME for the entire Palo Alto Prisma Cloud suite.
- Architect deploy and optimize Prisma Cloud across our Multi-cloud environments to provide comprehensive visibility and protection.
- Design and implement a "Shift-Left" security strategy by integrating Prisma Cloud into CI/CD pipelines (DevSecOps).
- Manage the entire lifecycle of the Prisma Cloud platform including policy management access controls and system health.
- Review least privilege & MFA across cloud assets
Cloud Security Posture Management (CSPM):
- Develop customize and maintain compliance frameworks within Prisma Cloud CSPM to enforce security benchmarks (e.g. CIS NIST PCI-DSS).
- Proactively identify prioritize and remediate cloud misconfigurations and compliance violations across IaaS PaaS and SaaS.
- Create detailed reports and dashboards for leadership and auditors demonstrating the effectiveness of our cloud security controls.
- Review cloud security strategy & governance Define cloud security baselines.
Cloud Workload Protection (CWP) & Code Security:
- Implement and manage Prisma Cloud CWP to provide runtime protection for workloads and containers.
- Configure agent-based and agentless protection strategies for virtual machines containers and serverless functions.
- Utilize Prisma Cloud's code security capabilities (IaC Scanning) to scan infrastructure-as-code templates (Terraform CloudFormation ARM) for security issues before deployment.
- Lead the response to cloud workload security alerts performing investigation and remediation.
Cloud Network Security & Identity Analytics:
- Leverage Prisma Cloud's network security features to visualize traffic flows detect network-based threats and enforce micro-segmentation policies.
- Utilize Cloud Identity Analytics (CNAPP) to monitor identity and access configurations detecting risky entitlements and anomalous user behavior.
Automation & Integration:
- Automate remediation actions by integrating Prisma Cloud with SOAR platforms (e.g. Cortex XSOAR) ticketing systems and cloud provider-native services.
- Develop scripts (Python Python or Terraform) to automate security tasks and enforce governance.
Collaboration & Leadership:
- Partner with Cloud DevOps and Application Development teams to embed security into the development lifecycle.
- Mentor junior cloud security analysts and engineers.
- Stay current with emerging cloud threats attacker TTPs (Tactics Techniques and Procedures) and new features within the Prisma Cloud platform.
Required Qualifications & Experience
- 5+ years of experience in cybersecurity with at least 3 years focused specifically on cloud security.
- 2+ years of direct hands-on experience with Palo Alto Prisma Cloud in a production multi-cloud environment.
- Proven experience in deploying configuring and managing core Prisma Cloud modules (CSPM CWP IaC Security).
- Good hands-on experience with at least one major cloud provider (AWS Azure or GCP) including a deep understanding of their native security services and IAM models.
- Proficiency in infrastructure-as-code (IaC) tools like Terraform CloudFormation or ARM Templates.
- Scripting or programming skills (e.g. Python Python Go) for automation.
Preferred Qualifications any of:
- At least one Palo Alto Networks certification Require:
- PCCSE (Cortex Certified Security Engineer)
- PCCET (Prisma Certified Cloud Entry-level Technician)
- PCCSP (Prisma Certified Cloud Security Professional) - Highly Desired
- Cloud provider certifications (e.g. AWS Certified Security – Specialty Azure Security Engineer Associate Google Professional Cloud Security Engineer).
- Experience integrating Prisma Cloud with CI/CD tools (e.g. Jenkins GitLab GitHub Actions).
- Familiarity with container and Kubernetes security principles.
- Excellent problem-solving and communication skills with the ability to articulate complex security risks to technical and non-technical stakeholders.