Principal Cloud Security Engineer

IHS Markit
in Boulder, CO, United States
Permanent, Full time
Job Title

Principal Cloud Security Engineer


Remote - United States

Job Type

Full Time

Your role

Reporting to the global head of cloud security at IHS Markit, your work will focus primarily on AWS with a secondary focus on VMC, Azure and/or GCP as needed. You will mentor and guide junior members of the cloud security team and partner with stakeholders across information security and other IHS Markit organizations to deliver solutions that harden IHS Markit's cloud security posture.

Emphasis will be on the following objectives:
  • Creating security automation for response and remediation of compliance findings and hardening of AWS and VMware Cloud on AWS (VMC) environments primarily, and Azure or GCP secondarily
  • Onboarding corporate and open-source security tools into build pipelines, including SAST, DAST, TVM and anti-virus tools, using cloud-native and open-source tooling, and creating custom tooling where needed to fill in gaps
  • Defining preventative controls using IAM constructs such as Service Control Policies (SCPs), Permissions Boundaries and similar technologies such as Open Policy Agent (OPA)
  • Lending your expertise in defining security strategy and design principles for platforms such as Kubernetes, containers, and VDI/DaaS
  • Creating log and security telemetry collection pipelines using serverless and streaming technologies to parse, enrich and proactively analyze security events
  • Partnering with the cybersecurity operations center (CSOC), offensive security operations and threat intelligence teams to onboard new services for the purpose of detection and prediction of events

Your expertise

You have
  • 7 - 10 years of experience in AWS cloud security engineering with proven success mentoring team members and influencing strategic direction
  • Thorough understanding of security requirements, best practices and execution in various cloud implementation scenarios: IaaS, PaaS, SaaS
  • Deep expertise in a scripting language on Windows and Linux-based operating systems (Python is primarily desired)
  • Deep expertise with an infrastructure as code (IaC) tool - CloudFormation and/or Terraform
  • DevSecOps expertise with automation technologies for the development of large-scale and highly available CI/CD and security automation using cloud native tools
  • Expertise with developing technical controls for major compliance frameworks such as SOC 2, ISO 27001, CSA CCM, NIST 800-53/FedRAMP/ITSG-33, etc.
  • Experience working with host-based controls in a large, decentralized environment such as anti-virus/anti-malware, host-based IDS/IPS and digital forensics tools
  • Ability to create and aggregate security data engineering pipelines to collect various logs across multiple accounts and environments
  • Strong architectural and business analysis knowledge highly desired - able to work with project management resources to define and commit work to an agile iteration
  • Network security experience relative to securing VDI/DaaS deployments on AWS (AWS WorkSpaces, AWS AppStream 2.0, AWS Cloud9) is desired
  • Security engineering expertise in a secondary public cloud provider: Google Cloud Platform (GCP) or Microsoft Azure
  • While not required, experience developing and securing microservices (Kubernetes, Istio/AWS App Mesh, Calico) is highly desired
  • While not required, some working knowledge of graph databases or AI/ML algorithms for anomaly detection (kNN, RCF, GNN) is highly desired

You are
  • An advocate and a mentor - you can teach junior and senior members of the team and are willing to contribute to cloud security thought leadership throughout IHS Markit
  • A naturally curious self-starter - you can deliver on requirements with some limited guidance or supervision, as needed by you and the team
  • A relentless learner - you actively seek to add to your skillset and knowledge base while challenging the status quo to drive efficiency in the team
  • A strong communicator - you have strong interpersonal skills and can communicate with a wide range of technical and non-technical teams
  • Someone who insists on the highest standards within the team and actively shares your perspectives with the team and the larger information security organization

What we offer:
  • Access to the most interesting information technologies
  • The ability to implement your own ideas and solutions
  • Participation in conferences and training for Information Security qualifications

Flexible Working

We pride ourselves on our agility and diversity, and we welcome requests to work flexibly. For most roles, flexible hours and/or an element of remote working are usually possible. Please talk to us during the interview about the type of arrangement that is best for you. We will always try to be adaptable wherever we can and in accordance with local and regional practices.

Your colleagues

About us

We are over 14,000 analysts, data scientists and specialists armed with real-time technology and data, working together to uncover deeper sources of information. The unique insights we provide help the industries and markets that drive our economies operate more efficiently, outpace competition and secure long-term success. Our global insights impact nearly every major sector - from aerospace to automotive. We empower our customers by isolating cause and effect, risk and opportunity in new ways so they can make well-informed decisions with greater confidence. This is a force we call The New Intelligence.

Join us

Boundaries belong on maps, not in your work. Start every day at IHS Markit with the excitement of what's next, by working with people from across the globe on interesting, cutting-edge projects and gaining once-in-a-lifetime learning experiences. It is easy to be passionate and invested in your work here, knowing you are causing an effect for some of the world's most influential companies. You'll get to be hands-on with, and see the direct impact of, your work. Career satisfaction just comes with the territory here.

IHS Markit is committed to providing equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by the laws and regulations in any of our locations.

We are proud to provide reasonable accommodations to applicants with disabilities. If you are interested in applying for employment with IHS Markit and need special assistance or an accommodation to use our website or to apply for a position, please contact or call +1 212 849 0399. Determinations on requests for reasonable accommodation are made on a case-by-case basis. This contact information (email and phone) is intended for application assistance and accommodation requests only. We are unable to accept resumes or provide information about application status through the phone number or email address above. Resumes are only accepted through the online application process, and only qualified candidates will receive consideration and follow-up.

IHS Markit maintains a substance-free workplace; employees may be asked to submit to a drug test (where permitted by law). In addition, as a federal contractor in the United States, the company participates in the E-Verify Program to confirm eligibility to work.

For information please click on the following links:

IHS Markit Business Code of Conduct
Right to Work
EEO is the Law
EEO is the Law Supplement
Pay Transparency Statement

Current Colleagues

If you are currently employed by IHS Markit, please apply internally via the Workday internal careers site.