Security Engineer, DevOps and Automation
We are PIMCO, a leading global asset management firm. We manage investments and develop solutions across the full spectrum of asset classes, strategies and vehicles: fixed income, equities, commodities, asset allocation, ETFs, hedge funds and private equity. PIMCO is one of the largest investment managers, actively managing more than $1.78 trillion in assets for clients around the world. PIMCO has over 2,800 employees in 17 offices globally. PIMCO is recognized as an innovator, industry thought leader and trusted advisor to our clients.
PIMCO is one of the world's premier fixed income investment managers with thousands of professionals around the world united in a single purpose: creating opportunities for our clients in every environment. Since 1971, we have brought innovation and expertise to our partnership with the institutions, financial advisors and millions of individual investors who entrust us with their assets. We aspire to cultivate performance and leadership through empowering our people, diversity of thought, and a commitment to an inclusive culture that engages in our global communities. Position Description:
As a DevOps Security Engineer reporting directly to the Global Information Security Officer, you will be part of a highly functioning and results-oriented team that plays a key role in supporting the transformation of platforms and applications across the firm. You will be solving the complexity around building horizontally scalable services from a security perspective. We present opportunities to advise on cybersecurity strategy and implementation to senior management. The Information Security Team values ambitious-entrepreneurial approach and fosters an environment for professional growth and career development. You will be a meaningful culture carrier for the organization, who models the right behaviors for the team, and helps craft a shared sense of leadership and accountability across technology. Responsibilities
- Develop skills, technical capabilities, and methods to deliver the best cyber defense capability to protect IT assets from cyber threats, attacks, and exploitation
- Ensure our cloud deployments are secure and robust
- Lead the development of Application Security standards, DevSecOps process, and security training for application developers
- Maintain situational awareness of meaningful cyber defense initiatives, indicator lists, threat reports, incident response techniques, and cyber defense technologies to ensure that cyber defenses are effective and incorporating the best protections
- Provide critical input into the selection, configuration, and implementation of new and existing security technology solutions
- Demonstrable understanding as to what is required to prevent security exploits, how to detect security attacks and anomalies, and how to respond to security incidents and intrusions
- Identify ("threat hunting") and analyze new and emerging threats in addition to countermeasures, controls to ensure adequate protection/capabilities
- Build and lead security service provider relationship(s) including but not limited to contracts, use case development, service level agreements, and work flow/process development for Security Operations Center SOC).
- Serve as information security domain authority, trusted advisor
- Complete administrative tasks like status reporting and project plan completion
- Provide Leadership and mentorship to less experienced members of the Information Security Team
- Minimum 3 years of experience working within an Information Security team
- Experience securing and operating cloud infrastructure in an enterprise environment
- Experience with public cloud technologies - Amazon Web Services, OpenStack, Google Cloud Platform or Microsoft Azure
- Passion for automation and experience with tools such as Terraform, Ansible, Jenkins, Puppet, and Chef.
- Understanding of infrastructure fundamentals such as Unix, SSH, Kerberos, and ADFS
- Master's or Bachelor's Degree in Computer Science, Cybersecurity, Information Systems and/or equivalent experience in a related field.
- Advanced industry certifications a plus, e.g. SANS GIAC, OSCP/E, Security+, Network+, CySA+, CASP+, CISSM, CISM, CCSP, CEH (Certified Ethical Hacker), CCNA, CCNA Cyber Ops.
- Solid grasp of threat models, adversary tactics and methodologies, and threat intelligence
- Strong analytical skills and ability to identify, analyze, and resolve problems, driving solutions through to completion
- Script development (Python, VBscript, and Powershell) a plus
- Programming skills in at least one of the primary programming languages: C#, Python, C++, .NET or Java
- Solid grasp of SQL languages
- Ability to meet established deadlines; a self-starter and be able to work independently as well as being a standout colleague
- Strong facilitation of skills and a clear ability to build strong relationships with business partners at all levels, including senior leaders
- Demonstrated ability to translate business drivers and priorities into security design
- Ability to translate complex technical information across all levels of the organization
PIMCO is committed to offering a comprehensive portfolio of employee benefits designed to support the health and well-being of you and your family. Benefits vary by location but may include:
- Medical, dental, and vision coverage
- Life insurance and travel coverage
- 401(k) (defined contribution) retirement savings, retirement plan, pension contribution from your first day of employment
- Work/life programs such as flexible work arrangements, parental leave and support, employee assistance plan, commuter benefits, health club discounts, and educational/CFA certification reimbursement programs
- Community involvement opportunities with The PIMCO Foundation in each PIMCO office