Senior Cybersecurity Engineer

About the role:

As a Senior Cybersecurity Engineer specialized in cloud security, you will be responsible for ensuring the security and compliance of Zscaler’s public cloud infrastructure (e.g., AWS, GCP, Azure). You will play a critical role in designing, implementing and maintaining security controls, monitoring tools, and best practices to safeguard our cloud environments. You will perform risk-based assessments on security vulnerabilities and weaknesses and assist teams in triaging and addressing these issues. You will define the strategy and cloud security standards, and drive the implementation of preventive and detective controls. You will drive overall reporting on our cloud security risk posture with leadership and engineering stakeholders.  

What you will do:

• Develop and execute a comprehensive CSPM strategy aligned with Zscaler’s security objectives and industry best practices.
• Design, implement and maintain security controls and configurations across cloud platforms (e.g., AWS, Azure, GCP).
• Establish and maintain continuous monitoring capabilities to detect and respond to security threats, vulnerabilities and misconfigurations in real time.
• Implement automation and orchestration solutions to streamline security processes from preventing to remediation, including guardrails to prevent misconfigurations and automated remediation of misconfigurations and policy enforcement.
• Supervise the remediation of detected security issues, supporting engineering teams in understanding and fixing appropriately and timely security detections.
• Ensure adherence to security policies, standards and frameworks (e.g., CIS Benchmarks, DISA STIG) through regular audits, assessments and remediations.
• Provide guidance and hardened examples to engineering teams on cloud security best practices and emerging threats. 
• Generate regular reports for management and engineering stakeholders to communicate cloud security posture and improvements.
• Operate in an Agile process environment.

Requirements:

• 5+ years of experience in cyber security, with a focus on cloud security and CSPM, preferably in a senior role.
• Proficiency in cloud platforms (e.g., AWS, GCP, Azure) and their native security services.
• Strong understanding of security principles, protocols and technologies, including network security, identity and access management, data security and encryption, application security.
• Hands-on experience with CSPM tools and technologies, from cloud providers and/or security vendors (Wiz, Prisma Cloud, Crowdstrike Falcon, Microsoft Defender, Tenable Cloud Security).
• Hands-on experience with IaC, and associated scanning/enforcement tools either commercial or freeware (checkov, tfscan, OPA).
• Experience operating with at-scale cloud environments (>10k assets under management) and engineering organizations (>1k engineers) in driving security controls and/or vulnerability remediations.

Desired skills:

• Experience with Docker containers and Kubernetes in a cyber security and operational function.
• Experience operating across multiple cybersecurity posture management for public clouds, including ASPM, DSPM, NSPM, IASPM.
• Experience with general vulnerability management practices, including code and endpoint security scanning and remediation.
• Hands-on expertise in scripting and automating repeatable tasks via software.
• Experience operating within an Agile environment (e.g., Scrum, Kanban).