Job Description

About the Company - The ThreatModeler platform is the industry’s #1 automated threat modeling solution that enables a repeatable and scalable threat modeling process enterprise-wide. Through ThreatModeler’s easy-to-understand dashboards and reports, threat data is presented in a format that is clear, concise, and actionable with role-based accessibility on a self-serve basis. Security team expertise is therefore scaled across all stakeholder functions, allowing enterprise-wide collaboration on the prioritization and management of risk across the entire IT ecosystem. ThreatModeler’s unique architecturally-based framework also allows organizations to analyze and manage their comprehensive attack surface, including upstream threats and downstream impacts.

About the Role - We are seeking a skilled and proactive Cloud Security and DevOps Engineer to join our team. The ideal candidate will focus on ensuring the security, scalability, and efficiency of our cloud infrastructure while supporting DevOps workflows. This role involves securing cloud environments, managing CI/CD pipelines, troubleshooting complex issues, and providing 2nd-line support. The candidate must have hands-on experience with relational database systems, operating systems like Windows, Linux, and Unix, and a strong ability to diagnose and resolve environmental issues. Additionally, this position will involve responding to vendor security assessments and ensuring adherence to established cloud security frameworks and methodologies.

Responsibilities

• Design, implement, and maintain robust cloud security architectures across platforms (AWS, Azure, GCP, etc.).
• Conduct security risk assessments, vulnerability scanning, and penetration testing on cloud environments.
• Implement Identity and Access Management (IAM) best practices, including role-based access controls (RBAC).
• Monitor and respond to security incidents using tools like SIEM solutions.
• Enforce data protection measures, including encryption (at rest and in transit) and secure key management.
• Ensure compliance with industry standards such as SOC 2, GDPR, or ISO 27001.
• Lead the response to vendor security assessments by completing CAIQ questionnaires, ensuring alignment with STAR methodologies, and providing detailed, accurate, and timely information to demonstrate compliance with cloud security best practices.
• Collaborate with internal stakeholders to review and provide input on security-related vendor agreements.
• Develop, deploy, and manage CI/CD pipelines to ensure streamlined application delivery.
• Automate infrastructure provisioning using Infrastructure-as-Code (IaC) tools such as Terraform, AWS CloudFormation, or Ansible.
• Optimize cloud environments for cost-efficiency, performance, and scalability.
• Implement and manage containerized workloads using Docker and orchestration tools like Kubernetes.
• Collaborate with development and QA teams to integrate security into the software development lifecycle (DevSecOps).
• Provide 2nd-line support for cloud, server, and application issues.
• Troubleshoot and resolve environmental issues across Windows, Linux, and Unix servers.
• Manage and maintain Active Directory (AD), including user accounts, group policies, and permissions.
• Work with relational database systems to support database operations, backups, and performance tuning.
• Implement disaster recovery and backup solutions to ensure high availability and resilience.
• Deploy and manage cloud-native monitoring tools (e.g., AWS CloudWatch, Azure Monitor, or Google Cloud Operations Suite).
• Perform root-cause analysis for infrastructure, application, and environmental issues.

Qualifications

• Educational Background: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Experience: 3-5 years in cloud security or DevOps roles.
• Hands-on experience with one or more cloud platforms (AWS, Azure, GCP).
• Strong understanding of IaC tools such as Terraform, Ansible, or CloudFormation.
• Proven experience with containerization and orchestration tools (Docker, Kubernetes).
• Experience with Microsoft SQL Server, including performance optimization and troubleshooting.
• Experience troubleshooting and resolving issues in Windows, Linux, and Unix environments.
• Prior experience providing 2nd-line support for IT and infrastructure issues.

Required Skills

• Proficiency in scripting/programming languages (Python, Bash, PowerShell).
• Strong knowledge of networking concepts and protocols (DNS, VPNs, firewalls).
• Familiarity with security frameworks like NIST, CIS, and OWASP.

Preferred Skills

• AWS Certified Security – Specialty
• Certified DevOps Engineer (AWS, Azure, or GCP)
• CSA Certificate of Cloud Security Knowledge (CCSK)

Job Tags

Similar Jobs