Information Security Analyst - Kubernetes Security

Information Security Analyst - Kubernetes Security Client: American Express - Direct Visa Status: USC, GC, H4-EAD , No H1B Location: Must be Local to Phoenix, Arizona or Atlanta, Georgia (Relocation is Okay) Contract Length: Contract to Hire (Please Check With Your Candidates as They Will Be Expected to Convert to Full Time Years Experience: 5 Years of Experience Pay Rate : $63/hr PUBLIC FACING JOB DESCRIPTION: Job Description: Information Security Analyst - Kubernetes Security American Express is on an exciting Cloud transformation journey led by a high-energy, delivery-focused team delivering security as code and integration to enable on-premise equivalent security models for cloud workloads. The Cloud Security Engineering group builds and delivers technology which enables shift left security integration through partnership and collaboration across Technology Risk and Information Security, as well as multiple Technology teams. Information Security Analysts working in the Kubernetes Security domain will design and develop Cloud infrastructure security requirements across Cloud platform, container, network, and storage tiers to deliver security capabilities for the enterprise Hybrid Multi Cloud Journey. The Specialist will be accountable for securely enabling the cloud journey through a delivery-based program based on automation and guardrails-based approach. To be successful, you and your team will work very closely with other Technology Risk and Information Security functions, as well as Cloud Security Governance, Cloud Security Operations, and many other Technology and non-Technology teams to identify, solution, and deliver security code elements. You will drive automation, zero touch, and idempotency through "everything-as-code" across cloud platform and infrastructure components. This position demands a well-organized; action-oriented team player with the ability to prioritize daily work; work on multiple initiatives simultaneously; establish and maintain an outward looking view on new and evolving network edge technologies; and an ability to mature and operate business critical, end-to-end processes and solutions - while ensuring a great colleague user experience. Responsibilities Deliver Cloud Security Engineering functions intended to establish security code elements across private and public multi-cloud Provide security and engineering expertise and guidance to the Cloud Programs, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Policy as Code (PaC). Collaborate with enterprise architects and SMEs to deliver complete security architecture solutions. Design and deliver Container security requirements and guardrails across VMs, Containers, CNI, CSI, and Mesh Identify exciting opportunities for adopting new technologies to solve existing needs and predicting future challenges. Present key security ideas to various audiences (technical and non-technical), in an effective manner. Required Skills/Experience 3 years of experience in Information Security roles. 2 years of experience with OpenShift or Kubernetes cluster administration or Kubernetes security solution implementation. Experience with Docker, Open Container Initiative (OCI), or similar containerization platforms. Experience in defining Rego policies for enforcement through Open Policy Agent (OPA) Gatekeeper. Proven ability to read and critique source code, including Terraform and either Python or Go. Experience building and consuming REST or GraphQL APIs using Python or Go is preferred. Experience in applying Security Principles to Kubernetes or OpenShift clusters and container workloads. 2 years of experience utilizing Git, GitOps and various Git workflows. Experience with pull based GitOps via ArgoCD to manage cluster deployments and workloads as code. Experience working with GitHub Actions or Jenkins Pipelines. Understanding of Cloud Fundamentals, including securing public cloud with data protection controls. Experience performing validation and verification of configurations in a cloud environment. Knowledge of security configuration management, container security, endpoint security and secrets management as they are applied to cloud applications. Knowledge of network architecture, proxy infrastructure, and programs to support network access and enablement. Understanding of multiple Information Security domains, such as Identity & Access Management, Infrastructure Vulnerability Management, Network Security, Data Loss Prevention, End User Security, etc. Experience in defining resources configurations using Terraform or Helm. Understanding of DevOps and DevSecOps principles Educational Requirements: Bachelor's Degree in Computer Science, Software Engineering, Electric Computer Engineering (ECE) or equivalent information security degree. Certified Kubernetes Administrator (CKA) or equivalent work experience. Certified Kubernetes Security Specialist (CKS) preferred. Other Information Security or Cloud Certifications preferred, such as CISSP, CISM, CCSP.