Cloud Security Specialist

Every day, our software is used by millions of people around the world, and we are looking for individuals who share in our excitement and passion for transforming the way the world learns. At D2L, we believe that learning should be accessible and engaging. Our goal is to create easy, flexible, and smart software that ignites the desire to learn in everyone. To do this, we need to give talented, enthusiastic, and passionate people opportunities to create, develop, and collaborate on projects that revolutionize the learning environment

We are looking for an experienced Cloud Security Specialist to continue improving how we protect the data of our customers.  You will be joining a team responsible for ensuring our Amazon AWS infrastructure is being managed appropriately, working with development teams to make visible and improve their security posture, and provide education to the Technology, Engineering and Development organization.

HOW WILL I MAKE AN IMPACT

  • Schedule, monitor, and troubleshoot vulnerability scanning.
  • Provide support and resolution for scanning and vulnerability remediation reporting issues. - Identify and resolve gaps related to Governance Risk Compliance integration and reporting.
  • Triage and prioritize infrastructure security defects.
  • Automating processes to alert DevOps teams regarding issues that need to be resolved
  • Reviewing SIEM data to identify and manage threats to production environments
  • Provide consultancy to internal teams and development teams on proper remediation techniques.  Promote and assist in standardizing security best practices.
  • Develop technical documentation, including functional specifications, system design specifications and Standard Operating Procedures (SOPs) as necessary.
  • Provide technical support for vulnerability management projects.
  • Develop and mature operations in support of overall tool strategy.
  • Knowledge and experience in scanning against security standards such as Center for Internet Security (CIS) Benchmarks to validate approved platforms are in use.
  • Familiarity with ISO, SOC2 and FedRAMP Security Controls and applying them to Cloud Providers.
  • May participate with annual 3rd Party Organization Audits conducted for compliance

WHAT IS D2L LOOKING FOR FROM ME?

  • Bachelors of Computer Science or similar experience for managing and securing cloud infrastructure
  • Three or more years of experience in performing vulnerability assessments applying Information Security best practices to Information Technology assets.
  • Experience with static and dynamic vulnerability identification using industry leading scanning tools.
  • Experience with the Top 10 OWASP Open Web Application Security Project vulnerabilities most critical web vulnerabilities and how to identify and remediate them.
  • Product-focused vulnerability management experience to include patch management and remediation activities in enterprise and cloud environments.
  • Experience with Vulnerability Management Platforms
  • Previous Secure Development Lifecycle or Application Assessment experience is desirable.
  • Hands-on experience with automation of system and application level scanning tools.
  • Scripting and automating security systems to integrate with existing monitoring systems and improving upcoming process.
  • Experience working with pen-testers and ability to interpret security defects to developers/engineers and their leaders.
  • Excellent analytical skills, attention to detail and ability to methodically troubleshoot complex issues.
  • Solid understanding of Information Security in general and the specific behaviors that would secure information assets and intellectual property.
  • Analyze work group systems and recommend solutions. Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand and ability to effectively communicate with both non-technical and technical people.
  • Strong problem solving with the ability to methodically and objectively analyze and resolve Information Security challenges.
  • Ability to work well inside and outside the team. Exchanging ideas, knowledge, experience and thoughts can boost the quality and the efficiency of the solution, so great testers must always be eager to coordinate well with their team members and other teams as well. Stakeholder management skills and experience due to the escalation process. Respond to customer/client requests or events as they occur. Develop solutions to problems utilizing formal education and judgment.
  • Have CISSP Certified Information Systems Security Professional certification or working toward CISSP certification.

WHY WE'RE AWESOME:

  • Flexible work hours
  • Health and wellness programs
  • Collaborative work environment
  • Dog Friendly office
  • Snacks and food trays!
  • Foosball and Ping-Pong tables
  • Showers on site
  • Centrally located in downtown, close to restaurants and pubs, easily accessible by public transit