Ryan Specialty
Lead Cloud and Application Security Engineer
Ryan Specialty, Chicago, Illinois, United States, 60290
Position Summary:We are seeking a proactive and collaborative Senior Cloud and Application Security Engineer to integrate security measures into every phase of our cloud and application development lifecycle. The ideal candidate will champion security best practices and foster a culture of security awareness within the organization. Responsibilities include developing automated security solutions to enhance efficiency and response capabilities, designing and managing security protocols for cloud infrastructure, and enforcing security guidelines for Infrastructure as Code (IaC). The role requires securing containerized environments, partnering with DevOps for CI/CD pipeline security, and leading security initiatives alongside the Senior Application Security Engineer. The Senior Cloud and Application Security Engineer will also maintain application security standards, stay updated on emerging security threats, and proactively investigate potential risks. An action-oriented mindset and strong relationship-building skills are essential to drive information security forward effectively.
Location:Chicago - Illinois - Wacker
What will your job entail?Collaborate with IT, development, and operations teams to embed security into every aspect of the cloud and application security lifecycleAdvocate for security best practices, raising awareness and driving a security-first culture across the organizationDevelop and implement automated security solutions to streamline security processes, improve efficiency, and enhance response capabilitiesCollaborate with architecture and IT to design, implement, and manage security measures for our cloud environmentsDevelop and enforce security best practices for Infrastructure as Code (IaC) to ensure secure deployment and configuration managementSecure containerized environments, including Docker and Kubernetes, and ensure compliance with security benchmarksPartner with DevOps teams to integrate security into the CI/CD pipeline for container deployment and managementAlong with the Senior Application Security Engineer, lead application security initiatives, including secure code reviews, vulnerability assessments, and web application penetration testingDevelop and maintain application security standards and guidelines, ensuring they are integrated into the software development lifecycleStay abreast of the latest security threats, trends, and technologies, especially in cloud, IaC, and container environmentsProactively identify and investigate security threats by analyzing security logs, conducting threat hunting exercises, and implementing advanced detection mechanismsContinuously evaluate and improve security tools and processes to address evolving securityBe action oriented, demonstrating high energy and an action-oriented approach to challenging work tasks, with a willingness to act swiftly and with minimal planning when opportunities arise.Build strong peer relationships by finding common ground and fostering problem-solving for mutual benefit, advocating for information security interests while remaining equitable to other groups, promoting teamwork and cooperation, and maintaining open and honest communication with colleaguesEducation/Experience/Skills:
Bachelor's degree in computer science/Engineering/Information Security preferredMinimum of 7 years' experience in Information Security within cloud-native or SaaS technology environmentsProficiency in cloud platforms such as AWS, Azure, and GCP, container orchestration tools (Kubernetes, Docker), and Infrastructure as Code (Terraform, Ansible)Experience in application security practices and tools, including static/dynamic analysis and familiarity with OWASP standardsStrong analytical, problem-solving, and communication skillsAbility to work collaboratively in a dynamic environment3-5 years of hands-on experience securing Infrastructure as Code, Application Security, and Policy as Code (PaC) using coding languages such as Python, Go, JavaScript, or YAMLMinimum two years of experience automating and scaling CIS benchmarks or equivalent standardsExtensive experience writing technical and business-friendly security documentationStrong written and verbal communication skills in EnglishProfessional certifications such as Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) are highly desirableSalary Range :
$160-190k
***Please disregard the salary listed below, it is inaccurate.
Ryan Specialty is an Equal Opportunity Employer. We are committed to building and sustaining a diverse workforce throughout the organization. Our vision is an inclusive and equitable workplace where all employees are valued for and evaluated on their performance and contributions. Differences in race, creed, color, religious beliefs, physical or mental capabilities, gender identity or expression, sexual orientation, and many other characteristics bring together varied perspectives and add value to the service we provide our clients, trading partners, and communities. This policy extends to all aspects of our employment practices, including but not limited to, recruiting, hiring, discipline, firing, promoting, transferring, compensation, benefits, training, leaves of absence, and other terms, conditions, and benefits of employment.
How We Support Our Teammates
Ryan Specialty seeks to offer our employees a comprehensive and best-in-class benefits package that helps them - and their family members - achieve their physical, financial, and emotional well-being goals. In addition to paid time off for company holidays, vacation, sick and personal days, Ryan offers paid parental leave, mental health services and more.
The target salary range for this position is $129,200.00 - $169,575.00 annually.
The wage range for this role considers many factors, such as training, transferable skills, work experience, licensure and certification, business needs, and market demands. The pay range is subject to change and may be modified in the future. Full-time roles are eligible for bonuses and benefits. For additional information on Ryan Specialty Total Rewards, visit our website https://benefits.ryansg.com/.
We provide individuals with disabilities reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment in accordance with applicable law. Please contact us to request an accommodation at HR@Ryansg.com
The above is intended to describe this job's general requirements. It is not to be construed as an exhaustive statement of duties, responsibilities, or physical requirements. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
Location:Chicago - Illinois - Wacker
What will your job entail?Collaborate with IT, development, and operations teams to embed security into every aspect of the cloud and application security lifecycleAdvocate for security best practices, raising awareness and driving a security-first culture across the organizationDevelop and implement automated security solutions to streamline security processes, improve efficiency, and enhance response capabilitiesCollaborate with architecture and IT to design, implement, and manage security measures for our cloud environmentsDevelop and enforce security best practices for Infrastructure as Code (IaC) to ensure secure deployment and configuration managementSecure containerized environments, including Docker and Kubernetes, and ensure compliance with security benchmarksPartner with DevOps teams to integrate security into the CI/CD pipeline for container deployment and managementAlong with the Senior Application Security Engineer, lead application security initiatives, including secure code reviews, vulnerability assessments, and web application penetration testingDevelop and maintain application security standards and guidelines, ensuring they are integrated into the software development lifecycleStay abreast of the latest security threats, trends, and technologies, especially in cloud, IaC, and container environmentsProactively identify and investigate security threats by analyzing security logs, conducting threat hunting exercises, and implementing advanced detection mechanismsContinuously evaluate and improve security tools and processes to address evolving securityBe action oriented, demonstrating high energy and an action-oriented approach to challenging work tasks, with a willingness to act swiftly and with minimal planning when opportunities arise.Build strong peer relationships by finding common ground and fostering problem-solving for mutual benefit, advocating for information security interests while remaining equitable to other groups, promoting teamwork and cooperation, and maintaining open and honest communication with colleaguesEducation/Experience/Skills:
Bachelor's degree in computer science/Engineering/Information Security preferredMinimum of 7 years' experience in Information Security within cloud-native or SaaS technology environmentsProficiency in cloud platforms such as AWS, Azure, and GCP, container orchestration tools (Kubernetes, Docker), and Infrastructure as Code (Terraform, Ansible)Experience in application security practices and tools, including static/dynamic analysis and familiarity with OWASP standardsStrong analytical, problem-solving, and communication skillsAbility to work collaboratively in a dynamic environment3-5 years of hands-on experience securing Infrastructure as Code, Application Security, and Policy as Code (PaC) using coding languages such as Python, Go, JavaScript, or YAMLMinimum two years of experience automating and scaling CIS benchmarks or equivalent standardsExtensive experience writing technical and business-friendly security documentationStrong written and verbal communication skills in EnglishProfessional certifications such as Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) are highly desirableSalary Range :
$160-190k
***Please disregard the salary listed below, it is inaccurate.
Ryan Specialty is an Equal Opportunity Employer. We are committed to building and sustaining a diverse workforce throughout the organization. Our vision is an inclusive and equitable workplace where all employees are valued for and evaluated on their performance and contributions. Differences in race, creed, color, religious beliefs, physical or mental capabilities, gender identity or expression, sexual orientation, and many other characteristics bring together varied perspectives and add value to the service we provide our clients, trading partners, and communities. This policy extends to all aspects of our employment practices, including but not limited to, recruiting, hiring, discipline, firing, promoting, transferring, compensation, benefits, training, leaves of absence, and other terms, conditions, and benefits of employment.
How We Support Our Teammates
Ryan Specialty seeks to offer our employees a comprehensive and best-in-class benefits package that helps them - and their family members - achieve their physical, financial, and emotional well-being goals. In addition to paid time off for company holidays, vacation, sick and personal days, Ryan offers paid parental leave, mental health services and more.
The target salary range for this position is $129,200.00 - $169,575.00 annually.
The wage range for this role considers many factors, such as training, transferable skills, work experience, licensure and certification, business needs, and market demands. The pay range is subject to change and may be modified in the future. Full-time roles are eligible for bonuses and benefits. For additional information on Ryan Specialty Total Rewards, visit our website https://benefits.ryansg.com/.
We provide individuals with disabilities reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment in accordance with applicable law. Please contact us to request an accommodation at HR@Ryansg.com
The above is intended to describe this job's general requirements. It is not to be construed as an exhaustive statement of duties, responsibilities, or physical requirements. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.