Lead Information Security Engineer - Obsidian Security/AppOmni

Strictly W2 (NO C2C/1099/C2H)

Job Title: Lead Information Security Engineer – Python Automation

Contract: 9 months, possible extension

Hybrid working model – 3 days onsite/2 days remote

Location options: Dallas, TX / Charlotte, NC / Chandler, AZ / Wilmington, DE / Raleigh, NC / San Antonio, TX / Minneapolis, MN / Des Moines, IA / Philadelphia, PA

JOB SUMMARY:

Seeking an experienced Lead Information Security Engineer (Information Security Engineer 4 - Contingent) to join our Cloud Workload Lifecycle Security (CWLS) team within the Cybersecurity – Vulnerability & Patch Management organization. Be a part of one of the core teams working on our digital transformation; join our dynamic, diverse, fast-paced team environment where we secure and reduce risk for our Enterprise cloud migration. The Information Security Engineer 4 – Contingent – Posture Management Engineer will support the SaaS Security Posture Management (SSPM) tool, with specific focus on the Posture Management module. We specialize in engineering and support for public cloud and SaaS applications such as Salesforce and ServiceNow, with a focus on misconfiguration detection and configuration drift monitoring, as well as the associated integrations with partner systems for logging and delivering findings.

KEY RESPONSIBILITIES:

• Leveraging your deep expertise with automation to “semi-automate” Policy as Code development, leveraged to monitor for SaaS application misconfiguration/config. drift

• Act as the subject matter expert (SME) for SSPM capabilities, roadmap features, and best practices specific

• Enable, configure, and tune SSPM detection policies

• Ability to efficiently transform security requirements/parameters into policies for SSPM

• Strong collaboration with direct teammates, vendors, and partners, ensuring the success of policy development automation

• Lead technical/engineering requirement-gathering discussions and effectively design/develop complex solutions

• Troubleshoot and resolve support escalation cases related to SSPM

• Contribute to internal code repositories to continuously improve overall code quality for the team

• Develop and maintain high-quality documentation

• Train team members on utilizing the PaC semi-automation tooling/approach you establish for our policy development practice

• Be a motivated self-starter, quick to adapt, and stay focused on delivering results in a fast-paced environment with aggressive deadlines

• Work effectively with a virtual Team consisting of members across various locations in the U.S. and India

REQUIRED SKILLS:

• 5 years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

• 4 years of Intermediate to Advanced experience with Python and automation

• 2 years of practical experience and strong understanding of Azure & Google public cloud – platforms, services, configurations, workloads & hardening practices

• 1 year of experience with SaaS Security Posture Management tools like Obsidian Security, AppOmni

• Experience with extracting, transforming, and loading data via REST API endpoints

• Advanced experience with Python programming/automation

• Familiarity with CI/CD tools (GitHub Actions, GitLab CI, Jenkins, Azure DevOps)

• Strong verbal and written communication skills

• Proven ability to work independently, as well as having strong interpersonal skills to work effectively within a Team and with partners

• Strong analytical skills, proven critical thinking capabilities, and ability to solve complex problems with minimal direct oversight

• Intermediate to advanced experience working with Microsoft Office products (e.g., Word, Excel, PowerPoint, Visio, Outlook, MS Teams, SharePoint)

• Ability to handle multiple, high-priority deliverables concurrently

• Ability to communicate confidentially, professionally, and effectively, in both written and verbal formats, with stakeholders and partners

• 1 year of experience working on teams practicing Agile Scrum or Kanban methodologies

DESIRED SKILLS:

• 1 year of deep Obsidian Security experience, in either an engineering or support role

• Knowledge and understanding of DevSecOps and deployment automation in cloud environments

• Expertise and experience with API driven policy automation

• Expertise and experience with Infrastructure as Code (IaC) and/or Policy as Code (PaC) concepts/tools

• Expertise with automated testing

• Intermediate to advanced experience with Kubernetes, preferably AKS/GKE

• Familiarity with various cloud security and related risk frameworks (Cloud Security Alliance (CSA), CIS, NIST, etc.)

• Experience with change and incident management practices in large enterprises

• Security certifications such as Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), or equivalent, CISA, CISM, CISSP, CRISC, CCSK

• Microsoft Azure and/or Google Cloud Certifications

EEO:

“Mindlance is an Equal Opportunity Employer and does not discriminate in employment based on – Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.”