Blue Yonder
Sr. Cloud Infrastructure Vulnerability Analyst
Blue Yonder, Scottsdale, Arizona, us, 85261
Role: Cloud Security AnalystLocation: Dallas, TX - Hybrid roleOverview:Blue Yonder is a Leading
AI-driven Global Supply Chain Solutions Software Product Company
and one of Glassdoor's
Best Places to Work .Seeking a Sr. Cloud Infrastructure Vulnerability Analyst responsible for
Cloud Security Posture Management (CSPM) , identifying security vulnerabilities including misconfigurations across cloud infrastructures, including Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).This candidate will also be responsible for
Cloud Workload Protection (CWP) , providing continuous discovery and monitoring of vulnerabilities in the workloads deployed in the cloud infrastructure.Direct responsibility for vulnerability management and threat management of the overall infrastructure and information assets.Scope:Core responsibilities include assessing and promoting remediation for all the assets in the Infrastructure as a Service (IaaS) and Software as a Service (SaaS).Key member of the centralized information security team.What you'll do:Discover and continuously monitor for vulnerabilities in the public cloud infrastructure, cloud workloads including dockers, Kubernetes, and containers.Create golden images for virtual machines, dockers, and containers for the business.Identify gaps in Identity and Access Management (IAM) in Public Cloud.Perform vulnerability scans and report findings for On-prem and Cloud networks.Publish vulnerability status reports to senior management and track remediation.Define and participate in implementation of On-prem and Cloud architecture and security controls.Proactive identification of threats and risk remediation.Discover assets in the cloud infrastructure to identify and continuously monitor for security vulnerabilities and misconfigurations.Maintain security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.Upgrade security systems by monitoring the security environment; identifying security gaps; evaluating and implementing enhancements.Participate in and assist with the incident response team as appropriate.Generate metrics for Management as needed.Prepare system security reports by collecting, analyzing, and summarizing data and trends.What we are looking for:6-8 years of proven experience in Information Security or Vulnerability Management and at least 4 years of experience in Cloud Security; a Master's degree can substitute for experience.Extensive experience in public cloud infrastructure such as Microsoft Azure, Google GCP, or AWS.Proven experience in Cloud Security Posture Management tools like Microsoft Defender, Wiz, Tenable, Aqua Security, Prisma Cloud, Lacework, Scribe Security, etc.Certifications such as CCSK, CCSP, GCSA, Microsoft Certified Azure Security Engineer Associate, CISSP or equivalent.Strong expertise in Vulnerability and Threat Management, gathering and condensing threat intelligence into actionable communication materials.Thorough understanding of Identity and Access Management best practices in Public Cloud.Bachelor's degree in Information Security, Information Technology, Computer Science, or related fields from STEM.Deep and diverse experience architecting and implementing network security designs. Expert in network security, system security, and endpoint security.Thorough understanding of security vulnerabilities and misconfigurations in cloud infrastructure.Thorough understanding of native cloud solutions like dockers, containers, Kubernetes, VDIs, cloud storage, cloud infrastructure, etc.Familiarity with security frameworks and regulatory requirements such as NIST, ISO 27001/2, and SSAE-18.Proven experience with vulnerability management services including Qualys, Nessus, Nexpose, etc.Practical experience with the development, implementation, and management of security-related technologies (i.e., SIEM, WAF, AV, Firewalls, Internet-facing services).Excellent customer service including strong written and oral communication skills.Knowledge of security network devices (firewalls, switches, SIEM, Antivirus, cryptography, etc.) and other security networking hardware/software tools.Demonstrated understanding of information security concepts, standards, practices, including firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring, and log management and event monitoring/reporting.Results-focused with attention to detail.Ability to work the 2nd shift to provide global coverage.
#J-18808-Ljbffr
AI-driven Global Supply Chain Solutions Software Product Company
and one of Glassdoor's
Best Places to Work .Seeking a Sr. Cloud Infrastructure Vulnerability Analyst responsible for
Cloud Security Posture Management (CSPM) , identifying security vulnerabilities including misconfigurations across cloud infrastructures, including Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).This candidate will also be responsible for
Cloud Workload Protection (CWP) , providing continuous discovery and monitoring of vulnerabilities in the workloads deployed in the cloud infrastructure.Direct responsibility for vulnerability management and threat management of the overall infrastructure and information assets.Scope:Core responsibilities include assessing and promoting remediation for all the assets in the Infrastructure as a Service (IaaS) and Software as a Service (SaaS).Key member of the centralized information security team.What you'll do:Discover and continuously monitor for vulnerabilities in the public cloud infrastructure, cloud workloads including dockers, Kubernetes, and containers.Create golden images for virtual machines, dockers, and containers for the business.Identify gaps in Identity and Access Management (IAM) in Public Cloud.Perform vulnerability scans and report findings for On-prem and Cloud networks.Publish vulnerability status reports to senior management and track remediation.Define and participate in implementation of On-prem and Cloud architecture and security controls.Proactive identification of threats and risk remediation.Discover assets in the cloud infrastructure to identify and continuously monitor for security vulnerabilities and misconfigurations.Maintain security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.Upgrade security systems by monitoring the security environment; identifying security gaps; evaluating and implementing enhancements.Participate in and assist with the incident response team as appropriate.Generate metrics for Management as needed.Prepare system security reports by collecting, analyzing, and summarizing data and trends.What we are looking for:6-8 years of proven experience in Information Security or Vulnerability Management and at least 4 years of experience in Cloud Security; a Master's degree can substitute for experience.Extensive experience in public cloud infrastructure such as Microsoft Azure, Google GCP, or AWS.Proven experience in Cloud Security Posture Management tools like Microsoft Defender, Wiz, Tenable, Aqua Security, Prisma Cloud, Lacework, Scribe Security, etc.Certifications such as CCSK, CCSP, GCSA, Microsoft Certified Azure Security Engineer Associate, CISSP or equivalent.Strong expertise in Vulnerability and Threat Management, gathering and condensing threat intelligence into actionable communication materials.Thorough understanding of Identity and Access Management best practices in Public Cloud.Bachelor's degree in Information Security, Information Technology, Computer Science, or related fields from STEM.Deep and diverse experience architecting and implementing network security designs. Expert in network security, system security, and endpoint security.Thorough understanding of security vulnerabilities and misconfigurations in cloud infrastructure.Thorough understanding of native cloud solutions like dockers, containers, Kubernetes, VDIs, cloud storage, cloud infrastructure, etc.Familiarity with security frameworks and regulatory requirements such as NIST, ISO 27001/2, and SSAE-18.Proven experience with vulnerability management services including Qualys, Nessus, Nexpose, etc.Practical experience with the development, implementation, and management of security-related technologies (i.e., SIEM, WAF, AV, Firewalls, Internet-facing services).Excellent customer service including strong written and oral communication skills.Knowledge of security network devices (firewalls, switches, SIEM, Antivirus, cryptography, etc.) and other security networking hardware/software tools.Demonstrated understanding of information security concepts, standards, practices, including firewalls, intrusion prevention and detection, TCP/IP and related protocols, device monitoring, and log management and event monitoring/reporting.Results-focused with attention to detail.Ability to work the 2nd shift to provide global coverage.
#J-18808-Ljbffr