Key skills
PythonBashPowerShellAWSAzureTerraformKubernetesDockerAnsibleCloudFormationEC2LambdaS3RDSIAMCI/CDLeadershipRisk ManagementCommunicationCloud Security
About this role
AbbVie is a company dedicated to discovering and delivering innovative medicines and solutions for serious health issues. They are seeking a Cloud Security Engineer to guide the organization's security strategy and practices, focusing on cloud computing technology while collaborating with various teams to ensure the security of digital assets in cloud environments.
Responsibilities:
- Serve as a cloud security technical expert to develop and execute cloud security policies and procedures
- Collaborate with cloud technology teams across the enterprise to ensure the integrity and security of our digital assets in AWS/Azure IaaS environments
- Demonstrate high proficiency across a wide range of cloud security technologies to establish guardrails to prevent or automatically remediate common security misconfigurations
- Provide technical leadership, mentor, and consult with less experienced cloud engineers to implement necessary security controls and threat protection
- Act as a Cloud security subject matter expert by continually reviewing environments for opportunities to reduce risk when possible
- Build automation to monitor cloud resources for compliance with existing standards and alert for configuration drift
- Consult with cloud engineers to successfully implement design requirements from cloud security architects
- Provide governance and consulting to ensure established controls remain effective
- Contribute to advancement of own function by studying start-of-the-art tools, techniques, and computing equipment; participate in educational opportunities and professional organizations
- Highly autonomous and productive in performing activities, requiring only minimal direction from or interaction with supervisor
- Excellent communication and influencing skills with the ability to balance differing stakeholder interests through sound analysis and persuasion
- Understand and adhere to corporate standards regarding applicable Corporate and Divisional Policies, including code of conduct, safety, GxP compliance, data security, and the software development cycle
Requirements:
- Bachelor's Degree with 6 years' experience; Master's degree with 5 years' experience; PhD with 0 years' experience in information security and/or related functions (IT Audit, Risk Management, or Security Architecture)
- Strong knowledge of scripting languages, including Python, Bash, and/or PowerShell
- Experience developing AWS Service and Resource Control Policies (SCP and RCP) to effectively manage permissions across the enterprise
- Expertise in AWS services including EC2, S3, RDS, Lambda, CloudFormation, VPC, and IAM
- Experience with Infrastructure as Code (IaC) tools including CloudFormation, Terraform, or Ansible
- Knowledge of DevOps practices and tools, including CI/CD pipelines, automation tools, and Docker/Kubernetes for containerization
- Excellent written and oral communication skills
- Strong problem-solving and analytical skills with the ability to identify security risks and propose effective solutions
- Professional cybersecurity and relevant industry certifications (CISSP, AWS Solution Architect, AWS Security, CSA CCSK, SANS GCLD, etc.) are highly desirable