Senior Cloud Security Engineer

Job Description

Metro-Goldwyn-Mayer Studios Inc. ("MGM") is seeking a Senior Cloud Security Engineer to help expand our security organization. The ideal candidate will have a strong understanding of the cloud security epics and adoption frameworks. Experience with codifying security to implement and manage directive, preventive, detective, and responsive controls.

The Team: We're a diverse group of hackers who have a passion for protecting our storytellers, creatives, workforce, content and over 96 years of Hollywood history. We pride ourselves on being innovative and progressive in all areas of information and cybersecurity. Our mission is to build frictionless security to support business enablement. Inclusiveness and empowerment are part of our ethos to elevate our team and the infosec community. Our ideal candidate can find creative ways to solve complex security challenges and not be afraid to try new things. Be willing to share their knowledge and empower others.

Responsibilities:
• Help build and maintain a consistent and advanced security infrastructure, responsible for the delivery of media content internally and externally. This includes but not limited to; identity, endpoint security, cloud security, data and privacy protection, email security, SASE, and other tooling within the security infrastructure.
• Design and build playbooks for security orchestration, automation and response (SOAR).
• Leverage cloud native security services such as AWS CloudTrail, CloudWatch, Shield, GuardDuty, Lambda, Macie, and more.
• Participate as a member of the incident response team.
• Work closely with the Media Technology Group (MTG) and AppSec to harden environment.
• Provide guidance and work closely with MTG Architecture Team to secure applications, microservices, containerization, and other cloud native workloads in AWS, Azure and GCP.
• Help drive the AWS Security Epics program.
• Assist in documenting policies, standard operating procedures, and security reference architectures.
• Participate in on-call rotation and work closely with 24/7 SOC.

Requirements:
• 3+ years of experience as a Cloud Security Engineer or equivalent in information security.
• Experience in Python, JS and other modern programming languages.
• Experience building SOAR playbooks using technologies such as Phantom, Demisto, TheHive, Swimlane, etc.
• Experience with AWS and Azure. GCP familiarity is a plus.
• Experience with incident response handling.
• Experience with vulnerability and threat management for ephemeral workloads.
• Experience with CIS, NIST, and other frameworks for on-prem and cloud environments.
• Experience with identity providers such as Azure, Okta, Ping, etc.
• Experience with the MITRE ATT&CK framework.
• Experience with DevSecOps, SDLC, CI/CD, and infrastructure as code principles and toolsets.
• Experience with microservices and containerization.
• AWS certifications a plus.
• Participation experience in industry events such as DefCon, BSides, ShellCon, etc a plus.
• Participation in CTF events highly desired specifically Blue and Red Team challenges.
• Knowledge of Zero Trust and FIDO2.

#sbj

Jobcode: Reference SBJ-rj6b70-3-16-70-101-42 in your application.