Cloud Security Architect
Shutterstock is looking to hire a skilled Enterprise Security Architect to be part of our Cybersecurity Operations & Incident Management team. The ideal candidate will possess a strong background in security technologies and enterprise architecture and be able to apply this experience both on-prem and in the cloud. This role will be hands-on, and primarily responsible for the design and development of security architectures for protecting systems and communications.
Responsibilities of this role include, but are not limited to, the following activities:
- Design and contribute to security architecture processes that enable the enterprise to develop and implement secure solutions and capabilities that are clearly aligned with the business, technology, and threat drivers
- Participate in application and infrastructure projects and other business initiatives to provide security-planning guidance with the following drivers: reduce risk, protect business applications while ensuring the highest level of data and infrastructure (endpoints, servers, networks, data center, cloud) security
- Review and evaluate current access routes, sites, vendor integration points, and security platform integrations; recommend improvements and develop corrective strategies to improve security prior to implementation
- Assist with design and security oversight of next-generation firewalls, intrusion prevention systems, DDoS solutions, SSL-terminating load balancers, WAF, security groups and NACL
- Recommend and manage transmission protection requirements for all environments (systems, applications, containers, etc.) such as VPC peering best practices, SSL certificate management, key pairs, etc.
- Design and implement monitoring and protection capabilities to help identify and protect against DoS attacks, MITM, EC2 instance compromise, secret compromise, etc.
- Create and maintain comprehensive documentation related to Continuous Support and Incident Response
- Review alerts and data from systems/networks and respond accordingly, including documentation and escalation
- Develop tactical response procedures for security incidents
- Perform security monitoring, security event triage, and incident response; coordinate with other team members and management to document and report incidents
- Due to the necessary technical support duties of this position in a 24/7 operation, the candidate will be part of rotating shifts and will be required to work periodic weekends and/or nights/evenings
Skills and Experience:
- 5+ years of experience in evaluating technical designs and functional requirements in order to determine weaknesses in security. The candidate must be able to provide constructive feedback and achievable recommendations.
- Required industry security certification (e.g., CISSP, CISM, CISA, CCSP, etc.)
- Operational experience with network security appliances with a clear understanding of the architecture behind secure networks, DMZ’s, NAT’s, rule placement, VPN setup, and system maintenance
- Hands-on experience with Cloud technologies and cloud networking constructs – AWS Preferred (EC2, ELB, RDS, Route53, CloudFront, S3)
- Experience with attacks and mitigation methods, working in two or more of the following: Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks
- Strong organizational and project management skills
- Proven ability to develop effective partnerships with senior management and peer organizations. Must be able to explain technical concepts and problems to nontechnical senior executives effectively
- Strong written and verbal communication skills. Strong interpersonal skills, resourceful, responsive with strong follow-through
This is an individual contributor role and will report to the Sr. Manager of Cybersecurity Operations & Incident Management.
About Shutterstock, Inc.
Shutterstock, Inc. (NYSE: SSTK), directly and through its group subsidiaries, is a leading global provider of high-quality licensed photographs, vectors, illustrations, videos and music to businesses, marketing agencies and media organizations around the world. Working with its growing community of over 750,000 contributors, Shutterstock adds hundreds of thousands of images each week, and currently has more than 260 million images and more than 14 million video clips available.
Headquartered in New York City, Shutterstock has offices around the world and customers in more than 150 countries. The company also owns Bigstock, a value-oriented stock media offering; Shutterstock Custom, a custom content creation platform, Offset, a high-end image collection; PremiumBeat a curated royalty-free music library; and Shutterstock Editorial, a premier source of editorial images for the world's media.
Equal Opportunity Employer, M/F/D/V
Meet Some of Shutterstock's Employees
Tobi O.Associate Product Manager, Custom
Tobi is in charge of managing Shutterstock’s support channels, which means assisting customers and contributors with requests and implementing permanent solutions for any issues.
Back to top