Publicis Groupe
Google Cloud Security Engineer (Hybrid, NYC or Dallas)
Publicis Groupe, New York, New York, us, 10261
Google Cloud Security Engineer (Hybrid, NYC or Dallas)
Publicis Sapient is a digital transformation partner helping established organizations get to their future, digitally-enabled state, both in the way they work and the way they serve their customers. We help unlock value through a start-up mindset and modern methods, fusing strategy, consulting and customer experience with agile engineering and problem-solving creativity.Job Description
As a Senior Engineer - Threat Modeling you will be a part of a smart cross-functional team delivering digital business transformation solutions to our clients. This position entails an individual contributor role focused on Security Architecture and Threat Modeling, encompassing governance, evaluation of public cloud services, and conducting security reviews for Public Cloud Providers. Collaboration and partnership with Engineering, Information Security, Program Management, and Development teams are essential. The candidate will conduct technical architecture reviews to pinpoint security opportunities, identify exploitable threats, and propose mitigation strategies.Your Impact:Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.Deliver comprehensive threat models and related tasks within specified timeframes.Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.Qualifications
We are seeking an ideal candidate with 8+ years of experience in a range of technologies and processes including:Strong knowledge of security architecture principles, frameworks, and best practicesExperience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.Overall experience in Cybersecurity: 5+ yearsSecurity practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentationKnowledge of cloud security frameworksKnowledge of Rest APIKnowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)Familiarity with Jira or other ticketing systems – essentialTechnical architecture design and review skills – essentialAbility to identify vulnerabilities using CWE or OWASPKnowledge of operating systems and their hardening techniquesUnderstanding of development concepts such as CICD, Pipelines, and SDLCPenetration testing knowledge is also super usefulFamiliarity with Cloud Development Kit (CDK) and GitOpsExperience operating in a DevOps/agile team environmentUnderstanding of docker, Kubernetes, serverless architecture, and HelmExposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and DatabricksStrong analytical skills, diligence, and attention to detailWillingness to conduct research using vendor documentationCapability to create and maintain high-quality documentationPossession of an adversary mindsetContinuous learning attitude towards new technologies and methodologiesStrong problem-solving skillsExcellent communication and collaboration abilitiesAbility to build and nurture relationships across cross-functional teamsSet Yourself Apart With:Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITILRelevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)Experience working in regulated environmentsExposure to agile development, DevOps, SecOps and scrum teamsHands-on experience with cloud security designs on AzureStrong desire to learn and contribute solutions and ideas to broader team
#J-18808-Ljbffr
Publicis Sapient is a digital transformation partner helping established organizations get to their future, digitally-enabled state, both in the way they work and the way they serve their customers. We help unlock value through a start-up mindset and modern methods, fusing strategy, consulting and customer experience with agile engineering and problem-solving creativity.Job Description
As a Senior Engineer - Threat Modeling you will be a part of a smart cross-functional team delivering digital business transformation solutions to our clients. This position entails an individual contributor role focused on Security Architecture and Threat Modeling, encompassing governance, evaluation of public cloud services, and conducting security reviews for Public Cloud Providers. Collaboration and partnership with Engineering, Information Security, Program Management, and Development teams are essential. The candidate will conduct technical architecture reviews to pinpoint security opportunities, identify exploitable threats, and propose mitigation strategies.Your Impact:Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.Deliver comprehensive threat models and related tasks within specified timeframes.Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.Qualifications
We are seeking an ideal candidate with 8+ years of experience in a range of technologies and processes including:Strong knowledge of security architecture principles, frameworks, and best practicesExperience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.Overall experience in Cybersecurity: 5+ yearsSecurity practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentationKnowledge of cloud security frameworksKnowledge of Rest APIKnowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)Familiarity with Jira or other ticketing systems – essentialTechnical architecture design and review skills – essentialAbility to identify vulnerabilities using CWE or OWASPKnowledge of operating systems and their hardening techniquesUnderstanding of development concepts such as CICD, Pipelines, and SDLCPenetration testing knowledge is also super usefulFamiliarity with Cloud Development Kit (CDK) and GitOpsExperience operating in a DevOps/agile team environmentUnderstanding of docker, Kubernetes, serverless architecture, and HelmExposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and DatabricksStrong analytical skills, diligence, and attention to detailWillingness to conduct research using vendor documentationCapability to create and maintain high-quality documentationPossession of an adversary mindsetContinuous learning attitude towards new technologies and methodologiesStrong problem-solving skillsExcellent communication and collaboration abilitiesAbility to build and nurture relationships across cross-functional teamsSet Yourself Apart With:Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITILRelevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)Experience working in regulated environmentsExposure to agile development, DevOps, SecOps and scrum teamsHands-on experience with cloud security designs on AzureStrong desire to learn and contribute solutions and ideas to broader team
#J-18808-Ljbffr