Lead Cloud Security Engineer
Internet connected and smart home products are growing areas for Dyson where we aim to continue our reputation of being innovative and disruptive. Since our first launch of products in connected space, we have grown fast to several millions of connected machines, and we are envisioning a steep growth in 2023 and beyond both in scale and connected features.
We want to expand the team to build reliable, scalable, and secure services and features to support these increasing demands with innovative and competitive technologies in IoT, Machine Data Lake, Data Analytics and Machine Learning to support our vision. We have a ‘You build it, you run it’ ethos and run all our services within Amazon Web Services (AWS). Our teams are responsible for the architecture, development, testing, and operational support of their services in all environments.
As a Lead Cloud Security Engineer within the Connected Cloud department, you will work closely with our cloud development teams and engineers to ensure that our cloud native IoT platform, associated tooling and the cloud services that we design, build and deploy are secure.
In addition, you will explore innovative ways to improve our overall security posture and deal with common security challenges presented by our cloud workloads.
We primarily leverage AWS to host and secure our services, along with:
- Cloudflare to protect our public facing endpoints
- Jenkins for CI/CD orchestration
- AWS OpenSearch/ELK, Grafana for application monitoring
- Azure Sentinel for our Security Incident & Event Management platform
- Trend Micro Cloud Conformity for compliance monitoring and adherence with cloud best practices
- Veracode for SAST/SCA for scanning our cloud microservices and containers
- C#, Node.js, and Python to create our services
What you’ll be doing:
- Responsible for promoting good security hygiene and best practices
- Defining security requirements, guidelines and policies for our engineers, platforms, tooling and services
- Working alongside our Cloud teams supporting, assisting and advising how to design and build secure services and platforms
- Identifying and assessing our security risks, threats and vulnerabilities and providing a pragmatic approach for applying mitigation where necessary
- Advocating a shifting left mentality to ensure possible threats or security issues can address early within the development cycle
- Working with the wider software teams to design and improve the security of our current and future products
- Ensuring we comply with regulatory requirements and Dyson security standards
- Identifying new technologies, tools, and approaches to help continually improve our security standards and quality
- Act as point of contact for any security related queries or issues and educated our engineers in security best practices
- Experience in securing cloud services (e.g. AWS, Azure, GCP)
- Good understanding of security best practices, ranging from governance and compliance through to vulnerability management
- Some level of coding experience (in any language)
- Exposure to Agile working practices and outstanding communication skills
- Ability to keep abreast of cloud security advisories, alerts, security trends and practices
- Have a background in either software development or securing solutions