Job title:                             Senior Information Security Specialist

Department / Division:  Information Security & Risk

Michigan:                           $97,843 - $126,621

California:                         $105,678 - $136,760

New York:                           $111,555 - $144,366

Location:                            Ada, MI (Hybrid),  or remote from CA, CO, DC, GA, FL, IL, MI, NJ, NY, TX, WA

What We’re Looking For:

We are looking for a Senior Information Security Specialist that is skilled in container technologies and automation.  In this role the primary focus will be partnering with Amway technology teams to enable business outcomes while applying common security practices.  This will include a focus on container workloads.  Apply various security patterns leveraging programmatic solutions to automate and improve the security of workloads.  Experience with code development (e.g., scripting, source control, etc.) to enhance current and future security solutions in partnership with product teams.
 

As a Senior Information Security Specialist, you will be responsible for developing, implementing, and maintaining security measures to protect our company's data and infrastructure. You will be working closely with our development, SRE, and security operations teams to ensure the security of our Kubernetes environment(s). Perform technical and non-technical security reviews to identify risks and to promote security awareness and best practices. Be familiar with ways to automate and interact with cloud and container environments.

You will be measured on your ability to contribute incremental value to the team in a dynamic and rapidly changing global environment.  This will require a willingness to learn about emerging technologies quickly, assess risks and threats, and develop ways to improve the security posture and respond to threats with automation.

Required qualifications:

• 6 years of related experience in working with scripting (e.g., Python) or code development to support complex applications or projects.
• 6 years of related experience in working with traditional or cloud infrastructure to architect or support solutions (e.g., solid knowledge of computing environments and cloud technology).
• BA/BS Degree in Computer Engineer/Computer Science 
• Experience in hardening of systems, network, and operating systems.
• Knowledge of network security architecture concepts.
• Hands-on experience with managing, maintaining, and securing Container (e.g., Kubernetes) workloads.
• Hands-on experience with python scripting to automate routine tasks.
• High-level of experience and understanding of at least one cloud provider (AWS, Azure, GCP).
• Flexibility to work outside of regular business bours in support of Amway’s global markets.
• Experience working on technical teams on complex Information Technology projects.
• Experience working with technical management on planning, building roadmaps, strategy, etc.
• Proven experience working independently and delivering results in an agile and rapidly changing environment.

Skills to be successful in the role:

• Learn cloud security concepts and tools to help identify and remediate security gaps.
• Interpret established cloud security controls and translate these into practical actionable steps that can be applied at the appropriate stages of projects.
• Design, develop, and implement secure automation practices in a unified, scalable manner.
• Develop and enforce security policies, procedures, and controls for Kubernetes environment(s).
• Consult directly with product teams to provide secure architecture reviews, risk analysis, and implementation guidance (following policies, procedure, and controls) on Kubernetes workloads.
• Monitor, audit, and report on the security of Kubernetes clusters, providing technical security advice where necessary.
• Communicate directly with Amway technology and product teams on initiatives and value propositions to improve the security of Amway’s container environments. 
• Provide training and guidance to team members on Kubernetes security best practices and trends.
• Leverage your scripting (e.g., Python) skills to automate routine security tasks and perform security health checks and respond to active alerts.
• Be familiar with CI/CD processes and tools (e.g., AWS CodeBuild, Jenkins, etc.)
• Develop scripts/code to improve security efforts and efficiencies of routine and/or repetitive tasks at scale.
• Use source control (e.g., GitHub) to manage (store, updated, version control) source code including scripts that may be used in CI/CD or SOAR playbooks.
• Familiar with security events and incident handling best practices and processes.
• Supporting environments composed of Linux and Windows based operating systems.
• Relevant security certifications (e.g., CISSP, CISM, CompTIA Security+, Kubernetes Security Specialist) are highly desirable.
• Experience interpreting and applying regulatory requirements such as ISO 27001 and PCI.
• Familiarity with privacy principles and management of sensitive/confidential data.
• Team player with interest in continuous learning to grow a career in security.

What’s special about this team:

In Information Security and Risk (ISR), you will be joining motivated individuals that value innovation, openness, independent thinking, and a bias for action. You will be working with our global security engineering team.  You will implement security tools and provide guidance for solutions driving our A70 vision.
 
This role is “Not” eligible for sponsorship.