Sr. Cloud Security Engineer II

Sr. Cloud Security Engineer II

Who we are

DoubleVerify (NYSE: DV) is the leading independent provider of marketing measurement software, data, and analytics that authenticates the quality and effectiveness of digital media for the world's largest brands and media platforms. DV provides media transparency and accountability to deliver the highest level of impression quality for maximum advertising performance. Since 2008, DV has helped hundreds of Fortune 500 companies gain the most from their media spend by delivering best in class solutions across the digital ecosystem, helping to build a better industry. Learn more at www.doubleverify.com.

Job Overview: 

The Sr. Cloud Security Engineer would be responsible for delivering cloud, container and infrastructure as code security through DV’s CloudOps department and adjacent CISO organization.  The Sr. Cloud Security Engineer will lead and provide updated guidance and hands-on support to DoubleVerify’s development, devops and software/engineering teams on cloud security best practices, security architecture, and configuration management.

The individual will also assist DV’s application security team ensuring that cloud-native applications are secured, well built, and assist with security exposures.  The role will be also responsible for integrating security automation into DevOps processes, enhancing DoubleVerify’s cloud security posture.  Additionally, the position may be required to support the broader information security team (Governance Risk and Compliance, Security Operations, and IT Security). 

Responsibilities and Duties:

• Implement Cloud Security Principles, Best Practices, DevSecOps techniques across DV which covers areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production release procedures.
• Promote Cloud Security and DevSecOps culture and train development and DevOps teams secure cloud, container and infrastructure as code. 
• Mastering Cloud Security subject matter expertise for enterprise customers within DV’s DevOps team. 
• Drive adoption of Cloud Security, DevSecOps tooling and practices including application security testing including automating security (within hybrid technology environment) 
• Be engaged in all aspects of Cloud Security and assist with DevSecOps program rollout.
• Ability to apply security knowledge and experience in a DevOps development lifecycle
• Development and implementation of cloud security, container security and infrastructure as code security concepts, principles, and best practices
• Enhance DV’s cloud security posture and application attack surface management by advising and assist implementing cloud security with DevOps and CloudOps personnel
• Assist in deploying and remediation findings from Cloud Secure Posture Management (CSPM) solutions and Cloud WOrkflow Protection Platforms (CWPP), or Cloud Native Security Platforms (CNSPs)/Cloud Native App Security Platforms (CNASPs)
• Assist in secure training to DV’s global software developers/engineers
• Support Information Security department leads including but not limited to Governance Risk and Compliance (GRC), Security Operations (Incident Response, Monitoring etc.), and IT Security (TVM, additional security tools etc.) 
• Assist in Merger & Acquisition (M&A) security-related activities 

Qualifications:

• 3+ years in cloud security specifically focusing in either AWS or GCP
• 1+ years using and securing Terraform or a similar infrastructure as code (IaC) 
• 1+ years using and securing Kubernetes (K8s) in a cloud or hybrid environment
• 1+ years experience in application security including AppSec concepts such as those in OWASP top 10, secure SDLC, agile methodologies and transformations etc. 
• 1+ years working with and remediating findings from Cloud Secure Posture Management (CSPM) solutions and Cloud Workflow Protection Platforms (CWPP), or Cloud Native Security Platforms (CNSPs)/Cloud Native App Security Platforms (CNASPs)
• Knowledge in CI/CD, securing the pipeline, best practices and tools (i.e. Gitlab/GitOps, TeamCity, Ansible) 
• Experience with hands-on development as a software engineer/developer is an added benefit
• Experience with linux is an added benefit
• Experience implementing a DevSecOps program is an added benefit
• Understanding of one or more of the following languages: Python, Scala, Java, .Net, C#, JavaScript, TypeScript, or Bash
• Experience performing assessments against applications and their underlying infrastructure, configuration, and deployment strategy
• Good leadership, communication (written and oral) and interpersonal skills 
• Understanding of data security, encryption and experience handling PII
• Bachelor’s Degree or higher in Computer Science or related field (Engineering, Computer Science, Mathematics Information Systems, etc) or equivalent technical experience
• Good to have but not necessary industry recognized certification in security (e.g., CISSP, CISM, CEH, OSCP, OSWA, C|CSE,  GCSA, GCLD, GPCS, CCSK, CCSP, AWS Security Specialization, Google Professional Cloud Security Engineer etc.)