Job description

About the Role A Senior Cloud Security Architect at H-E-B designs and guides cloud security architecture for hybrid and cloud-first environments. This role involves analyzing current configurations, implementing security enhancements, and collaborating with internal teams and external vendors to deliver solutions aligned with H-E-B’s cloud security strategy. Responsibilities • Serves as a subject matter expert for cloud security, providing guidance on industry best practices and defense in-depth strategies for the security posture of H-E-B cloud-based digital platforms. • Works with project teams to measure the testing and evaluation of new solutions ensuring satisfaction of H-E-B security requirements. • Works with internal Information Systems teams to design security controls and improve cloud security infrastructure to support business/engineering needs. • Creates best-of-class security architecture designs and patterns for H-E-B, using defensible industry reference architectures and standards. • Works to measure and design tests of cloud configurations and infrastructure for vulnerabilities and security relevant defects. • Works to ensure all cloud infrastructure designs and implementations follow security and compliance control requirements, and to resolve any configuration gaps or defects through collaboration with respective stakeholders. • Designs, develops, documents, automates, and implements security infrastructure in code. • Creates and maintains security architecture specifications and design documentation. • Supports setting the strategic security direction and approach for utilizing cloud-relevant technologies. Qualifications • 7+ years of experience with the design and implementation of complex solutions in medium to large enterprises. • 5+ years of experience building and integrating systems in public or hybrid cloud environments. • 3+ years of experience with information security. • Working knowledge of Amazon Web Services, Azure and/or Google Cloud Platform, and preferred working knowledge of the security tools and practices offered by the platforms. • Working knowledge of Terraform, Cloud Formation, Azure ARM Template, Pulumi, and/or Ansible with demonstrable proficiency with at least one. • A Bachelor’s degree in Computer Science or Software Engineering. • Solid understanding of web applications, web servers, application firewalls, frameworks, and protocols with respect to web application development, deployment, and operation in the cloud. • Proficiency with cloud resources such as virtual networking, access controls (security groups and ACLs), service endpoints, application and network load balancing, API gateways, service meshes, service principals, functions/serverless, storage buckets, containers, block storage and file shares. • Working knowledge of information security controls, guidelines and standards (e.g., ISO27000 series, OWASP, CSA CCM, CIS 20 Critical Security Controls, SOC 2, and NIST). • Experience and at least basic understanding of privacy and data protection regulations (e.g., PCI DSS and HIPAA/HITECH). • Proficiency with one of: Python, Golang, JavaScript, PowerShell, Perl, or *nix Shell scripting. • Proficiency with secrets management and vaulting technologies. • Familiarity with Agile and other project methodologies. • Ability to work well under pressure and have great organizational and interpersonal skills. • Familiarity with CSPM/CNAPP. Preferred Skills • One or more professional security certifications such as CISSP, CISA, CEH, GIAC; and cloud certifications from AWS, Azure and/or GCP. • Experience with cloud security tools for discovery, compliance, and vulnerability detection.

Requirements