Hosting Platform Security Engineer

Our strategic client has declared a Cloud First strategy and will be moving most of our workloads to the Cloud over the next few years. At the same time Core Data Lake and Data Hubs Program led by Data & Analytics Organization (D&A) is leveraging Cloud to transform BI and Analytics for the company, harmonizing various data types and allowing standard solutions tailored specifically for unique needs of specific Business Units.

As D&A Hosting Platform Security Engineer you will be leveraging strong technical info security and management skills to build, verify/test and improve compliance of D&A Hosting Platform capabilities (primarily Azure) leveraged by D&A Data Hubs application teams, help driving compliant architecture and build security knowledge / provide consultancy in that area. D&A Hosting Platform team aims at transforming newest technologies to secure, performant, stable, cost effective and flexible business capabilities that support client’s key business cases in a PaaS way - targeting automation and self-service, so you will work collaboratively with rest of the team to ensure all objectives are properly met.

• Working regularly with client Information Security team to understand client Security Processes, Policies and Tools at the Network, Transport, Storage and Application Layers
• Staying on top of industry cloud security capabilities
• Ensuring Core Data Platform and Data Hubs are compliant with client Security Standards, Guidelines and Best Practices

o operations access auditing, vulnerability mitigation coordination

o driving and measuring Core Data Platform and Data Hubs resources Security compliance

o Drive security from Source to Consumption (Data Movement, Processing and Consumption APIs)

o Identity security controls gaps and provide guidance/plans to comply with mandatory security controls (Technical Security Standards) for IaaS and PaaS deployments in cloud.

• Creation and execution of a “D&A Security Calendar” encompassing all regular and ad-hoc Security Engineer tasks and obtaining InfoSec approval for it.
• Work with DEVOPS on holistic patch management plan to provide structure and flexibility to individual application teams while maintaining security compliance; work with Infrastructure & Network Engineers on the execution plan
• Drive or leverage capabilities (Containers, infrastructure automation/configuration tools) to support effective patching and compliance.
• Consult Capability Engineers, Infrastructure & Network Engineers, Utility Engineers and D&A DevOps - to build in security compliance in their Blueprints, Testing strategies, Best practices and multiple projects

o iRisk, pen-testing, security scanning

o documenting security results per application

• Working with InfoSecurity, Cloud COE, Cloud Operations and Cloud Service Partners to understand and troubleshoot security incidents and concerns for cloud capabilities used by Data & Analytics applications.
• "Deep" Problem Management support (investigate and find permanent fixes where Prod is having to use a work around due to problems caused by security tools or required security configuration).
• Incident management for major Security incidents, including close collaboration with Network Team, Cloud COE, Cloud Operations and Cloud Service Partners - acting as L3 for major incidents escalations for own scope (may happen outside of work hours or weekends).
• Creating automation scripts (PowerShell, Python, Azure Automation) to drive compliance, or to understand infrastructure health.

• Strong technical knowledge and demonstrated experience in each of the following areas (1 or more of each domain):
• Experience working with MS Azure Cloud Computing Platform & Services (different resources, offerings and tools), including Azure Security Center
• Understanding of Cloud security capabilities
• Understanding of security tools for vulnerability scanning, cloud security compliance, container security, AV/Malware, ATP, dynamic/static scan and threat analysis.
• Understanding of DEVSECOPS practices.
• Stewardship experience to ensure services are compliant with relevant P&G policies (Security, Governance, etc.).
• Overall understanding of infrastructure and Platform components (network, servers), technical knowledge and experience in Hosting and related technologies (data center, cloud [IaaS, PaaS], computing, Windows, Linux, storage, backup, virtualization, etc.), have a passion for these domains, and can learn technologies quickly.
• Experience working on Information Security matters at an infrastructure platform level or must have the desire to grow in infrastructure or application platform security via this role.
• Ability to quickly penetrate technology areas and ask appropriate and relevant technical questions.

• Knowledge of PowerShell and/or Linux environment and shell (bash) scripting
• Knowledge of Kusto Query Language, Azure LogAnalytics
• Knowledge of Elastic Search & Kibana
• Experience in some infrastructure automation/configuration tool – Ansible, Chef, Puppet or similar - you know how those can help with large-scale, complex deployments.
• Knowledge of PowerBI
• Qualifications (can be built on the role):
• CISSP Certified
• Microsoft Certified: Azure Security Engineer Associate or Administrator Associate or Developer Associate

• Competitive salary
• Luxoft Training Center
• Access to e-learning Library
• Individual development plans
• Long-term cooperation with possibility to gain experience in different projects and technologies
• A significant number of professional communities (Agile Community, Tech Community, Business Analysis Community, etc.)

• Group Life Insurance
• Private healthcare insurance – LuxMed. Unlimited access to specialist consultations with Dental Care included
• Medical costs reimbursement for employees (up to certain amount per quarter)
• Travel Insurance
• Benefit Program - Cafeteria and Multisport Card

• Various communities (sport, recreation activities, trips, board games, cultural and educational activities)
• Discounts program for employees – BeLux (banking offer, car leasing offer and cafeteria program discount)
• Convenient locations in a modern offices with game rooms
• Multinational projects for clients all over the world