Are you looking for an opportunity to challenge yourself?
At ZoomInfo our employees work hard to ‘define new possibles’, and they are driven by winning. ZoomInfo is a company that got to where it’s at today on the backs of heroic efforts, over the years, by our employees and we are looking for more people to contribute to those efforts.
At our company you’ll see that collaboration is second nature, and you’ll be greeted by a team of incredibly smart, talented, and motivated individuals who will help you define your new best.
You’ll be presented with opportunities to both personally and professionally develop as you build your career. We believe that our employees love to work and love to work here, and that you will like coming to work because of the sense of accomplishment you get from being a part of what we’re building.
You are a fit for our team if you refuse to lose, you seek challenges, and you love to win. We welcome you to join our team of difference makers who are people working with a passion to win together.
ZoomInfo is looking to hire an individual who will join the security team of a rapidly expanding organization with global locations. We are expanding our cloud security operations.
The successful candidate will be responsible for security and compliance in the cloud using frameworks and standards such as CSA secure architecture, CIS Cloud Standards and AWS Well Architected Framework (and similar on GCP). The candidate will be responsible for reviewing the cloud design and architecture, infrastructure, and security controls, running assessments using cloud security tools or scripts and auditing configuration, settings and infrastructure. Coordinating effort and prioritization with DevOps, Infrastructure Engineering team and Engineering along with the SDLC to improve overall security posture and reduce time-to-remediate.
The candidate will be part of a larger global security team and work closely with individuals from all sectors of security, helping the team and expanding abilities and expertise. These teams include Offensive Security, Cyber SOC, GRC and Security Engineering.
The ideal candidate is an experienced information security cloud practitioner who is goal-oriented and strives to exceed expectations, with a proven track record of cloud security, full understanding of SDLC security life cycle, SecOps and related cloud risk and compliance experience.
- Cloud security knowledge in AWS and GCP
- Evaluating against CSA, CIS and Well Architected Framework assess, reviewing and identifing gaps and control improvements
- Recommend improvements and changes to secure cloud infrastructure and the applications that are running within it
- Run and manage cloud assessment and compliance tools
- Fully understand applications and the context of the events and actions
- Recommend tangible improvements and set priorities based on risks
- Review Infrastructure as Code for security controls, gates and compliance
- Work with DevOps and Developers to improve the security culture and areas needing improvement
- Develop cloud playbooks and runbooks for incident management
- Document findings on both a technical and management level to present findings to various parties
- Manage findings and actions by creating tickets and fully managing them
- Participate in larger security team and enhance development lifecycle for code and infra
- Proactively identify gaps in current security posture and develop solutions.
- Analyze, document and present solutions meeting our needs
- Help investigate and respond to security incidents
- Provide monitoring points to help improve CSOC operations and logging/alerting
- Manage cloud-based security and compliance tools
- Create management-friendly reporting from tools
- Promote standards-based change and problem management
- Collaborate with internal and external parties to share information to improve processes and security posture
- Communicate to security team leadership
- Keep management informed with precise, accurate information about security posture and events – no surprises.
- Produce and or help design documentation to formalize security
- Create, document and maintain formal processes to meet certification requirements
- 3-5 years of relevant experience
- Solid knowledge and experience using cloud security and compliance products
- Deep knowledge and experience with security assessment tools, cloud security architecture and supporting
- Strong knowledge of security assessment tool and cloud security architecture
- Knowledge of networking, IAM, public cloud, enterprise logging, SIEM, API Management and containerization
- Experience with Incident Response and deep analytical investigation as needed to understand a threat and address it
- Experience with scripting tools
Built over 20 years ago, ZoomInfo Powered by DiscoverOrg has helped companies achieve their most important objective: profitable growth. Backed by the world's most comprehensive B2B database, our platform puts sales, marketing and recruiting professionals in a position to identify, connect, and engage with qualified prospects. ZoomInfo offers unrivaled data and accuracy with contacts, companies, direct dials and professional movement. For more information on our intelligence solution, visit us at zoominfo.com