Apply on Employer Site

Caesars Entertainment · 1 month ago

Lead Cloud Security Architect

United States

Full-time

Remote

Senior Level, Lead/Staff

7+ years exp

Caesars Entertainment is the largest casino-entertainment company in the U.S. and is seeking a Lead Cloud Security Architect to design, implement, and maintain security measures for their cloud infrastructure. The role involves leading a team of engineers and ensuring security integration throughout the development lifecycle while staying ahead of emerging threats.

Food and Beverage

Responsibilities

Build and deploy security capabilities designed to secure code and production infrastructure throughout the CI/CD pipeline as well as non-production and production environments

Identify and prevent the introduction of high-risk vulnerabilities to the production environment

Leverage static and dynamic code analysis to security assess application and infrastructure code

Implement and operationalize the AWS Security Pillar of the AWS Well-Architected Framework

Implement and operationalize the GCP Google Cloud Architecture Framework

Define, build, and maintain Cloud Security Policies, Standards, and Procedures that meet or exceed all required regulatory requirements

Evaluate, implement, and operationalize a CSPM, CWPP, CNAPP solutions across multi-cloud

Design and implement a Multi-Cloud Security Strategy (primarily for AWS and GCP)

Introduce commercial and vetted open-source solutions to secure and continuously monitor AWS cloud infrastructure, services, and workloads

Help the application delivery and DevOps team detect and fix security vulnerabilities

Leverage Terraform to automatically configure and maintain AWS cloud native and third-party security solutions

Implement a strong identity foundation through least privilege policies

Enable traceability/observability

Apply security at all layers from PoP to endpoint

Automate security best practices for scale and cost effectiveness

Protect data at rest and in transit with proper classifications

Keep people away from data to reduce or eliminate direct access or manual processing of data

Prepare for security events to occur and build capabilities for SOC to be able to detect, contain, eradicate, and recover

Leverage Python or Go to automate security acceptance testing

Harden server operating systems and containers

Review and analyze security event logs to support security incident response efforts

Author and communicate blameless postmortems

Lead and mentor a team of cloud security engineers, providing guidance and support for their professional development

Collaborate with cross-functional teams to ensure security is integrated into all aspects of the development lifecycle

Stay up-to-date with the latest security trends, threats, and technology solutions to continuously improve the organization's security posture

Qualification

AWS Security Reference ArchitectureGCP Security Reference ArchitectureCI/CD pipeline securityTerraformPythonGoKubernetes securityCloud Security PoliciesAWS compliance servicesSecurity incident responseData protectionLeadership skillsCommunication skillsProblem-solving skillsCollaboration skillsCritical thinking

Required

3+ years of work experience securing and monitoring CI/CD pipelines and AWS cloud infrastructure

5+ years of cloud experience in IT field

7+ years of Information Technology or Information Security experience

Ability to write Lambda functions in Python or Go

Strong command and understanding of AWS and GCP Security Reference Architecture (SRA)

Strong understanding of basic AWS cloud internetworking concepts

Experience leveraging AWS security and compliance services such as IAM, AWS WAF, and more

Experience securing Kubernetes, containers, and microservices

Experience using Terraform to deploy security-oriented infrastructure and configure security services

Proven leadership skills with the ability to manage and mentor a team

Excellent communication and collaboration skills to work effectively with stakeholders at all levels

Strong problem-solving skills and the ability to think critically and strategically

Preferred

Experience with commercial cloud native application protection platforms such as Prisma Cloud

Working knowledge of GitLab

Desirable Certifications: AWS SysOps Administrator, AWS Certified Solutions Architect, AWS Certified Security Specialty, equivalent GCP, OSCP, GWEB, and GCSA