Cloud Security Engineer

Newfold Digital is a leading web technology company serving nearly seven million customers globally. Established in 2021 through the combination of leading web services providers Endurance Web Presence and Web.com Group, our portfolio of brands includes: Bluehost, Crazy Domains, HostGator, Network Solutions, Register.com, Web.com and many others. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs.

The Cloud Security Engineer is responsible for ensuring the security and integrity of company cloud infrastructure, applications, and data.  The Cloud Security Engineer’s role involves designing and implementing robust security measures, managing identity and access control, monitoring, and responding to security incidents, and ensuring compliance with security policies and regulatory requirements.  The Cloud Security Engineer collaborates with various teams to integrate security into all aspects of cloud operations, from development and deployment to maintenance and monitoring.  This position requires deep understanding of cloud platforms, security best practices, and the ability to stay ahead of emerging threats and technologies. 

The Cloud Security Engineer is a Cloud Security subject matter expert and will work in conjunction with other Security and Engineering teams to enable secure cloud deployments, governance, application security capabilities, threat prevention, detection and response, and system hardening requirements following best practices defined by organizations such Cloud Security Alliance and Open Web Application Security Project foundation.

What you’ll do:

General Duties and Responsibilities

Cloud Security Engineer duties and responsibilities include:

• Lead the security efforts in helping to design scalable, cost-effective, and secure public cloud environments.

• Work with cloud service providers (AWS, GCP, Azure, and OCI) to leverage built-in security features and services, where technically feasible.

• Design secure cloud architectures and solutions that align with best practices and company requirements.

• Implement and manage Identity and Access Management (IAM) policies to control access to cloud resources and ensure proper authentication and authorization mechanisms are in place.

• Enforce the use of multi-factor authentication and role-based access controls to improve security.

• Implement appropriate encryption mechanisms to protect data at rest and in transit.

• Enable security policies to protect against unauthorized data access and leakage.

• Align security controls to ensure compliance with data protection regulations and company policies.

• Enable and manage security monitoring tools and systems to detect and respond to security incidents.

• Partner with Security Operations to develop incident response procedures and analyze security alerts and logs to identify potential threats and vulnerabilities.

• Participate in incident response and forensics activities as required.

• Assess cloud environments for vulnerabilities and prioritize remediation activities.

• Design and implement secure network architectures, including virtual private clouds, subnets, and firewalls.

• Configure and manage network security groups, access control lists, and other network security controls.

• Ensure cloud environments comply with relevant security standards and regulatory requirements and conduct audits/assessments to ensure compliance with controls.

• Integrate security info DevOps pipelines where appropriate and use infrastructure as code (IaC) tools such as Terraform and CloudFormation to automate configurations.

Educational and Certification Requirements

A degree in Cybersecurity, Information Technology, Computer Science, Software Development, Engineering, or related engineering field with training in software security is desirable. 

Industry recognized certifications are a plus.  Certifications may include:  CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), Software Security Certifications, such as Certified Secure Software Lifecycle Professional (CSSLP), GIAC (Global Information Assurance Certification), GSEC (Global Security Essentials Certification), GIAC Cloud Security Automation (GPCS), GIAC Cloud Penetration Tester (GCPN), GIAC Public Cloud Security (GPCS), AWS Solutions Architect (Associate/Professional), AWS Certified Security - Specialist.

Certifications issued by public cloud providers (AWS, Azure, Google, Oracle, etc.) is a plus.

Who you are:

General Knowledge, Skills, and Abilities

As well as formal qualifications, a Cloud Security Engineer should possess:

• Experience developing and leading cloud services design and deployments in technology such as IaaS and PaaS.
• Experience building and deploying cloud native solutions such as AWS, Azure, Google Cloud Platform, and/or Oracle Cloud Infrastructure.
• Technical expertise in areas such as cloud storage, compute, databases, AIML, or Terraform.
• Experience working with CI/CD pipelines, containerization technologies, and pipeline automation toolsets within an Agile/Scrum environment.
• Able to read and develop scripting languages such as Python and Bash.
• Understanding of controls (e.g., access control, auditing, authentication, encryption, integrity, physical security, and application security).
• Ability to influence and build relationships with business and technology stakeholders and manage external/third-party vendors.
• Strong understanding of serverless technologies and security implications deployed in public clouds.
• Experience with Cloud Security Posture Management (CSPM) and Cloud Workload Protection Products (CWPP).
• Experience designing and implementing large scale platforms with high resiliency, availability, and reliability using public cloud infrastructure.
• Conduct and facilitate security reviews, threat modeling including deep design reviews throughout the development lifecycle.
• Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments, appropriately targeted for colleagues and upper management.
• Versed in operating systems such as Linux as well as Windows environments, Active Directory, encryption schemas and algorithms, various authorization and authentication mechanisms/software, network monitoring and sniffing, TCP/IP networks, Threat and Vulnerability Management, and reviewing activity for suspicious or anomalous behavior.
• Experience with vulnerability scanners, vulnerability management systems, patch management and host-based security systems.
• Project Management are a plus.
• Experience with the following technologies is desired:  SentinelOne Singularity Platform, Tanium, Google Chronicle SIEM, Cloudflare L3-L7 security technologies, Atomicorp (ModSec), Tenable.io, Lacework, Recorded Future, ServiceNow, Jira, Microsoft Defender for Endpoints, Microsoft Security and Compliance, Virus Total, SiteLock, Monarx, NGNIX.
• Experience with the native security service solutions for public cloud service providers (AWS, Google, Azure, Oracle) is desired.

Why you’ll love us.

• We’ve evolved: We provide three work environment scenarios. You can feel like a Newfolder in a work-from-home, hybrid, or work-from-the-office environment. 
• Work-life balance: Our work is thrilling and meaningful, but we know balance is key to living well. 
• We celebrate one another’s differences: We’re proud of our culture of diversity and inclusion. We foster a culture of belonging. Our company and customers benefit when employees bring their authentic selves to work. We have programs that bring us together on important issues and provide learning and development opportunities for all employees.  We have 20+ affinity groups where you can network and connect with Newfolders globally.  
• We care about you : At Newfold, taking care of our employees is our top priority. We make sure that cutting edge benefits are in place for you. Some of the benefits you will have: We have partnered with some of the best insurance providers to provide you excellent Health Insurance options, Education/ Certification Sponsorships to give you a chance to further your knowledge, Flexi-leaves to take personal time off and much more. Building a community one domain at a time, one employee at a time. All our employees are eligible for a free domain and WordPress blog as we sponsor the domain registration costs.
• Where can we take you? We’re fans of helping our employees learn different aspects of the business, be challenged with new tasks, be mentored, and grow their careers. Unfold new possibilities with #teamnewfold!  

This Job Description includes the essential job functions required to perform the job described above, as well as additional duties and responsibilities. This Job Description is not an exhaustive list of all functions that the employee performing this job may be required to perform. The Company reserves the right to revise the Job Description at any time, and to require the employee to perform functions in addition to those listed above.