Responsibilities

Hexagon’s Asset Lifecycle Intelligence division is seeking a Cloud Security Engineer who can provide hands-on technical application security expertise and ownership of the growing cloud application suite, across multiple providers, using public cloud platforms. You will work closely with our software development groups, global InfoSec/OpsSec team, and our Cloud Operations team, to help build secure and robust applications, responsible for serving all Cloud customers. The Cloud Security Engineer provides cloud application security expertise in the analysis, assessment, development, and evaluation of application solutions and architectures to secure application multi-tenant deployments. Additionally, the Cloud Security Engineer assists in the development of requirements including secure software design, secure application deployment, secure identity management, as well as providing monitoring and oversight for alerts and vulnerabilities in this environment.

• Secure application design and implementation on Azure and AWS public cloud platforms.
• Serves as the subject matter expert (SME) on Cloud application security, including secure software development processes, vulnerability management, and application security event management and triage.
• Participate in projects that apply the company’s security policies and standards for use in application security in cloud environments.
• Communicate security concepts to different audiences ranging from business leaders to engineers.
• Comfortable serving in a consultant capacity to less-knowledgeable stakeholders. Serve as a key subject matter expect in support of securing custom applications both from development and traditional network security perspectives.
• Propose and/or design technical solutions including complex application security design concepts for a multi-tenant platform.
• Mentor and influence multi-disciplinary teams in implementing secure application design and vulnerability remediation.
• Develops standards, policies, and procedures as well as best practices documentation.
• Translates technical requirements into business requirements.
• Knowledge of identity management and familiarity with such technologies as Ping Federate and Okta.
• Undergoes ongoing training to update appropriate Public Cloud security skills and knowledge.

Qualifications

• Strong Application Security experience.
• Excellent communication skills and ability to communicate to key stakeholders and management.
• Previous experience in software development and/or demonstrated experience with SDLC implementations.
• Knowledgeable in software development patterns and building applications for a zero-trust operating model.
• Some experience with application frameworks, vulnerability management in software development, and associated proactive tools used in the SDLC.
• Experience of automation & remediation of security items using code.
• Previous experience with Azure Public Cloud and/or AWS.
• Experience of vulnerability management and SIEM tools.
• Strong understanding of penetration testing and vulnerability assessments
• Strong knowledge of certification standards especially including ISO27001 and SOC2 certification standards.
• Experience with application pipelines and integrating security in the CI/CD process.

Preferred

• Previous experience with identity management solutions preferred but not essential.
• Security certifications a strong plus with Azure/AWS certifications preferred, but not essential.

Hexagon will not sponsor applicants for a work visa for this position.

#LI-EW1

#LI-remote