Job Description & Summary
The Opportunity
A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You’ll focus on cloud and application security strategy and be at the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protects our firm's intellectual assets.
To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.
What you will be doing:
Primary regional contact with technology delivery teams, BISO/CISO, and management to accomplish the following:
Assure that security is properly built into the technology during the design phase by engaging early with development teams to educate them around security by design
Champion use of best practices and approved tools in alignment with industry best practices
Act as the first point of escalation to address technical customer service concerns
Define, influence, communicate and drive the Application Security vision and strategy across the PwC Network of firms.
Lead and support cloud hygiene
Create detailed deployment guides for every cloud component prior to deployment
Utilization of application security tools to scan applications for application security risks
Create and implement a QA process to assure that cloud components are implemented per the deployment guides
Develop cloud monitoring process that provides a comprehensive view of an applications compliance posture
Evaluate and train cloud implementation team and architects in cloud best practices
Emerging technology review
Take lead on analysis of new technologies as they become available in the market.
Create and present, at the senior management level, strategic directives to allow the firm to implement new technologies safely and quickly
Engagement with development teams to articulate complex application security risks
Develop and communicate a point of view on key global trends, and how they impact clients.
What we need from you:
Experience with deployment orchestration, automation, and security configuration management (Jenkins, Bridgecrew, Puppet, Chef, Terraform, Ansible, CloudFormation, or ARM templates)
Ability to identify and mitigate potential threats when configuring public cloud services
8+ years experience as a Cloud Security Engineer, Cloud Engineer, Cloud Security Architect, Cloud Security Ops, or a related field
At least 3+ years of relevant experience as a cloud enablement expert
Ability to work on multi-cloud environments like AWS, GCP, and Azure
Deep knowledge of effective controls for Application Security, Cloud & Services Hosting, Identity and Access Management, Data Protection, Borderless Connectivity, Endpoint Security, and Cyber Security Operations
Conversant with ISO 27002:2005/2013 information security standard
Managing multiple security assessments and changing priorities, simultaneously
Knowledge and experience of API security architecture, authentication and authorization and industry best practices
Hands on engineering experience with enterprise security technology both on-prem, private and public cloud
Familiar with containerization technologies as well as orchestrator solutions (CaaS, CLaaS, Kubernetes)
Background in engaging business & technology stakeholders at all levels to gather long term goals & requirements
Deep understanding of security technology at an enterprise & solution level
#LI-DI1 #LI-Remote
QSC
Cyberfort Group
Datacom
ReversingLabs
