Lead Cloud Security Engineer
- Beaverton, OR
Become a Part of the NIKE, Inc. Team
NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At NIKE, Inc. it's about each person bringing skills and passion to a challenging and constantly evolving game.
NIKE is a technology company. From our flagship website and five-star mobile apps to developing products, managing big data and providing leading edge engineering and systems support, our teams at NIKE Global Technology exist to revolutionize the future at the confluence of tech and sport. We invest and develop advances in technology and employ the most creative people in the world, and then give them the support to constantly innovate, iterate and serve consumers more directly and personally. Our teams are innovative, diverse, multidisciplinary and collaborative, taking technology into the future and bringing the world with it.
Nike Global Technology brings together technology and process expertise to create value for the consumer. We deliver one-stop, integrated process and technology capabilities that enable Nike, Inc.'s businesses and brands worldwide. Our focus is on providing Lean solutions that eliminate waste, maximize consumer value, and drive profitable business growth.
As our Lead Cloud Security Engineer, you will use your in-depth knowledge of cloud security principles and technologies, industry best practice, professional experience, collaboration and good judgment to inform and deliver on an information security strategy and roadmap. You will influence the direction of information technology at Nike as it relates to adoption of cloud services and infrastructure, reviewing and influencing decisions on migrating from on-premise data centers to cloud platforms.
This role will have a special focus on evaluating, documenting, evangelizing, and implementing security recommendations for technology solutions, processes, and policy requirements for AWS.
- Takes strategic direction and applies frameworks, roadmaps, and informs reference architectures that incorporate enterprise standards and direction to improve the global corporate security posture while addressing risks;
- Inform and aid in the development of a multi-year IT Security Strategy and budget that outlines key initiatives in support of the Nike Information Security Strategy;
- Work with Business IT teams to continually improve the security posture of their application portfolios using a risk-based approach;
- Review projects for security concerns and provide security guidance to business partners, engineering, governance, and support teams;
- Apply and execute a sustainable security framework to allow secure technology standardization;
- Provides thought leadership within highly visible projects and initiatives to ensure appropriate security controls are in place to protect Nike data;
- Develop business cases for the adoption of new technology, standards and processes;
- Support management in understanding architectural information risk within/against Nike;
- Analyze market and security trends and adjust the strategic roadmap accordingly;
- Stay current on security technologies, trends, standards and best practices; and
- Other duties and responsibilities as assigned.
- Advanced knowledge of information security standards, principles and practices
- Advanced knowledge of securing various cloud-based network types
- Demonstrated relevant security expertise in implementing secure solutions and services for a mix of the following areas: Network Devices, Server Operating Systems (Windows / Linux), Workstation Operating Systems (Windows / MacOS), Storage Devices, Virtualization, IDS & IPS Technologies, SIEM Technologies, Encryption, PKI, Identity Management, Certificate Management, File Integrity Monitoring
- Knowledge in the following areas are highly desirable: Secure Web Gateways, Data Loss Prevention, Application Security, Database Security (Oracle/MySQL), Compliance - SOX, PCI, ISO 27001, Cloud, Colocation, Cloud Technologies, Forensics, Cyber Intelligence National and International Privacy laws and regulations
- Proficient at the techniques that go into the implementation of solution architectures, including requirements discovery and analysis, application of abstraction, formulation of solution context, solution alternatives identification and assessment, technology selection, and implementation
- Experience with CI/CD pipelines using toolsets like Jenkins, CircleCI, Artifactory, etc.
- Experience with delivering and managing solutions on AWS required
- Experience with containers, container runtimes (i.e. Kubernetes), and/or serverless technologies;
- Experience with Python programming language desirable;
- Experience in developing cloud native applications, APIs, and data pipelines desirable.
- Able to successfully elicit requirements from appropriate business partners and stakeholders (e.g. functional, performance, technical, compliance), and identify solutions to non-standard requests;
- Self-directed and comfortable with working in a fast-paced, results-oriented, and often ambiguous environment with minimal guidance;
- Able to assess risk and translate it to business relevant considerations and facts;
- Demonstrate pride in work, showing focus, high attention to detail and build quality, and a sense of urgency to reach goals on time;
- Critical thinking and proactive problem solving, appropriately challenges the status quo.
- Able to take a new point of view using or improving on existing solutions;
- Excellent verbal and written communication skills to effectively collaborate and build consensus with both business and technical teams;
- Actively participates by sharing information, offering suggestions and taking initiative to get things done.
- Able to learn and apply new concepts quickly;
- Able to independently and effectively handle multiple competing priorities and make good use of resources (e.g. time, people, money)
- Must be trustworthy in keeping sensitive data confidential.
- Bachelor's degree in Computer Science or related filed + 3 years relevant work experience, or 5+ years relevant work experience in an Information Security domain in lieu of a degree.
- CCSP, CISSP, CCNA, CISM, OSCP or related certifications strongly preferred but equivalent knowledge will be considered.
NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world.
NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.
Back to top