Principal Ii, Cloud Cybersecurity

Overview:The position is mainly responsible for assessing the risk, designing security controls, and monitoring the effectiveness of the defenses in a hybrid multi-cloud environment. Application architecture review, threat modeling, and other security-related tasks are responsibilities for this role. The individual in this role will leverage well-known security standards and best practices to create Herbalife security policies, standards, procedures, and guidelines. Additionally, this individual will collaborate with various teams to automate processes to enhance company cloud security to fulfill the business requirements.DETAILED RESPONSIBILITIES:- Leverage well-known security standards and best practices to create Herbalife security policies, standards, procedures, and guidelines.- Analyze systems, threat modeling for new features, identify security vulnerabilities in implementation, and recommend cloud security controls to ensure end-to-end protection.- Manage and triage findings from cloud security tools.- Documenting and disseminating security guidelines for common cloud security issues, give remediation guidance.- Design, develop and implement the cloud/virtualization related security technology roadmap, including Identity as a service, Network as a service, advanced threat intelligence, etc.- Conduct regular security reviews on Herbalife cloud platform and build the dashboard/metric for management review.- Lead and manage some Cybersecurity global projects and delivery to all the regions.- Leverage company resource to define new security hardening standard for new technology, components to meet Herbalife security requirements.24x7 availability for incident response and end of month support.SUPERVISORY RESPONSIBILITIES:Job Qualifications:**Skills**:- Have expertise with security assessments of cloud- native/serverless environments.- Solid Public Cloud product knowledge, Azure, GCP, AWS and other public clouds- Well understanding IaaS, PaaS and SaaS platforms.- Expert in Cloud Native and Cloud Security related technologies (Docker/ Kubernetes / DevOps etc.).- Deep understanding and experience in the leading virtualization technology, e.g., VMware and other similar technology.- Adequate knowledge of OS, Networks, Cryptography, Databases, Web Technologies.- Excellent knowledge of large-scale security solutions integration- General knowledge of build pipelines and CI/CD.- Ability and willingness to learn quickly new skills- Flexibility to work in an agile and fluid environment- Effectively communicates ideas in written and verbal communication.- Strong collaboration abilities and good communication skills- Good oral and written communication skills in English.Languages:- Proficient in English**Experience**:- Experience in public cloud (Azure, GCP, AWS and other public clouds) including different kinds of cloud components.- Experience assessing and mitigating risks related to public cloud deployment (Azure, AWS and other public clouds**Education**:(Bachelor’s degree, Master, Certificates, Licenses, Registrations, high school.)- Bachelor’s degree in Computer Science, Information Technology- 10+ years related experience in Computer Security, Cloud Security related area.- At least two out of the following Technical Certifications:- Microsoft Certified: Azure Security Engineer Associate (AZ-500) (Necessary)- AWS Certified Security Specialty (Necessary)- Google Professional Cloud Security Engineer Certification- CISSPPREFERRED QUALIFICATIONS:(Note: These are additional requirements BEYOND what is required to be considered for the role.)- Alibaba ACP- CCSK- CCSP- CISSP