Principal Cloud Application Security Engineer

Principal Cloud Application Security Engineer

About Interos
Interos is the supply chain risk intelligence company - building the most trusted and transparent supply chains in the world. Our pioneering discovery and monitoring intelligence spans the lifecycle of supply chain risk, enabling faster and more informed threat mitigation. As the world's first, and only, automated supplier intelligence platform, we continuously map and monitor extended supply chains at speed and scale to protect organizations from regulatory fines, unethical labor, cyber-attacks, and other systemic vulnerabilities. Interos serves a variety of commercial, government, and public sector customers around the world including a host of Global Fortune 500 companies and from within the members of the Five Eyes nations. www.interos.ai.

• Develop and implement comprehensive cloud security strategies aligned with business objectives
• Assess current security practices, provide recommendations for, and implement improvements; including providing expert guidance and actionable recommendations during and after assessments or any found vulnerabilities, to enhance the organization's security posture
• Stay Informed on Security Trends: Continuously monitor and stay up-to-date with the latest security trends, news, and emerging threats to proactively safeguard cloud infrastructure and data.
• AWS (Amazon Web Services) Expertise: Lead the migration to a new architecture on AWS, ensuring optimal security configurations
• Demonstrate subject matter expertise on AWS services, emphasizing security best practices
• Design and implement secure containerization strategies using Docker and orchestration with Kubernetes
• Ensure the security of containerized applications throughout the development and deployment lifecycle
• Utilize Terraform to define and provision infrastructure as code, ensuring security controls are embedded in the deployment process
• Implement automated security checks within the IaC pipeline
• Implement and manage security controls, encryption, and identity management within AWS environments
• Conduct regular security assessments and audits to identify and mitigate potential risks
• Collaborate with cross-functional teams, including developers, operations, and DevOps, to integrate security seamlessly into the development lifecycle
• Communicate security requirements and best practices effectively to technical and non-technical stakeholders
• Develop and implement incident response plans for cloud environments
• Establish and maintain effective monitoring and alerting systems for timely detection and response to security incidents
• Identify gaps in our security posture and prioritize remediation efforts

• Bachelor's or Master's degree (or equivalent) in Computer Science, Information Security, or a related field
• AWS certifications such as AWS Certified Solutions Architect Professional, AWS Certified DevOps Engineer Professional, AWS Certified Security Specialty
• Knowledge of IL5, FedRAMP, and government cloud security standards preferred
• Proven experience as a Cloud Security Engineer in a similar capacity
• Passion and experience as a Security professional - able to analyze and advise on current Security trends, including breaches and vulnerabilities
• Extensive expertise in AWS, including hands-on experience with AWS security services
• Experience implementing security controls, encryption, and identity management in cloud environments
• CISSP, CCSP, OSCP, GIAC, or related security certifications preferred. · Certified Kubernetes Administrator (CKA), Certified Kubernetes Security Specialist (CKS) preferred
• Proficiency in Infrastructure as Code (IaC) using Terraform
• Strong knowledge of containerization technologies such as Docker and orchestration with Kubernetes
• Familiarity with DevOps principles and integrating security into CI/CD pipelines a plus
• Excellent communication (written & verbal) and collaboration skills

• Location: Arlington Office or Remote-US
• Telecommute Option: Yes
• Reports to: Senior Director, Information Technology & Security
• Supervisory Responsibility: This position has no supervisory responsibilities
• Travel Requirements: This position requires minimal travel
• Work Environment: This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, printers.
• Physical Demands: This is largely a sedentary role. Physical requirements include occasional lifting/carrying of 5 pounds; visual acuity, speech and hearing; hand and eye coordination and manual dexterity necessary to operate a computer keyboard and basic office equipment. Subject to sitting, standing, reaching, walking, twisting, and kneeling to perform the essential functions. Working conditions are primarily inside an office environment.
• Compensation range is base salary of  $180,000 - $225,000. The salary range information provided, reflects the anticipated base salary range for this position based on current national data.  Minimums and maximums may vary based on location.  Individual salary will be commensurate with skills, experience, certifications or licenses and other relevant factors.  In addition, this role will be eligible to participate in either the annual performance bonus or commission program, determined by the nature of the position. 
• FLSA: Exempt

• Comprehensive Health & Wellness package (Medical, Dental and Vision) 
• 10 Paid Holiday Days Off 
• Flexible Time Off (FTO)
• 401(k) Employer Matching
• Stock Options 
• Career advancement opportunities 
• Casual Dress 
• On-site gym and dedicated Peloton room at headquarters  
• Company Events (Sports Games, Fitness Competitions, Birthday Celebrations, Contests, Happy Hours) 
• Annual company party 
• Employee Referral Program