New

Staff Cloud Security Engineer

Exelixis
paid holidays, sick time, 401(k)
United States, California, Alameda
Jan 30, 2025
As a Staff Cloud Security Engineer within Exelixis, you will be responsible for ensuring the security of our cloud applications and infrastructure, particularly within Amazon Web Services (AWS), and Azure environments. Your expertise will be crucial in designing, implementing, and maintaining advanced security measures to safeguard our cloud-based systems and data against sophisticated cyber threats and vulnerabilities. You will lead efforts to assess risks, develop security controls and solutions, and enforce compliance with industry standards and regulations, collaborating closely with cross-functional teams and mentoring junior engineers. ESSENTIAL DUTIES AND RESPONSIBILITIES: Design and implement robust security architectures for cloud environments, incorporating tools such as Wiz, Semgrep, Tenable, and/or Cortex, along with other best practices, industry standards, and regulatory requirements. Deploy and configure security tools and technologies, including Wiz, Semgrep, Tenable, and Cortex, to detect cloud misconfigurations and protect applications and cloud infrastructure using best practices for hardening. This includes firewalls, intrusion detection/prevention systems (IDS/IPS), encryption mechanisms, access controls, and identity management solutions. Develop and maintain monitoring systems for detecting and responding to security incidents and breaches in cloud environments, leveraging Wiz, Tenable, and Darktrace capabilities. Conduct regular security assessments, vulnerability scans, and penetration tests to identify and mitigate risks. To be proficient in cloud security controls, and understand cloud usage patterns and trends, cloud pricing models, and cost management tools. Good working experience with with scripting languages like Python or PowerShell are required. Implement automation scripts and tools, integrated with Wiz, Tenable, Darktrace, and other solutions, to streamline security processes, enhance incident response capabilities, and enforce security policies across cloud deployments. Ensure compliance with relevant regulatory requirements (e.g., GDPR, HIPAA) and industry standards (e.g., SANS, ISO 27001, NIST) pertaining to cloud security. Establish and maintain documentation for security policies, procedures, and controls, using insights from tools like Wiz, Semgrep and others.. Provide leadership in guiding and training internal teams on cloud security best practices, threat mitigation strategies, and compliance obligations. Foster a culture of security awareness and accountability throughout the organization, leveraging insights from tooling and other sources. Work closely with cross-functional teams, including IT operations, development, and compliance, to integrate security measures into cloud-native and hybrid cloud environments. Communicate effectively with stakeholders to convey security risks, recommendations, and status updates, leveraging insights from requisite tools. Mentor junior cloud security engineers, providing guidance, support, and professional development opportunities. Lead security-related projects and initiatives, ensuring timely and effective completion. Work off hours and weekends as required. 24/7/365 on-call availability for emergency escalations. SUPERVISORY RESPONSIBILITIES: None EDUCATION/EXPERIENCE/KNOWLEDGE & SKILLS: Education: BS/BA degree in related discipline and seven years related experience; or, MS/MA degree in related discipline and five years related experience; or, Equivalent combination of education and experience. IT/Cloud Security Certifications is plus (SANS, CCSK, CCSP, GCP Professional Cloud Security Engineer, AWS Certified Security - Specialty, etc.) Experience: Minimum five to seven years of experience in cloud security engineering roles, with a focus on GCP, AWS, and MS Azure environments. Proficiency in designing, implementing, and managing security controls within cloud platforms, such as IAM, VPC, Zero Trust principles, IaC, IAAS, Security Groups, Key Management Services, SDLC, Ci/Cd pipelines and Network Security. Experiencing Hands-on experience with security tools and technologies, including Wiz, Semgrep, SIEM, DLP, WAF, CASB, and zero trust security solutions. Strong understanding of networking concepts, protocols, and cloud architecture, with the ability to troubleshoot complex security issues Proficiency with scripting languages (e.g., Python, PowerShell) and automation frameworks for security orchestration and configuration management. Excellent analytical, problem-solving, and communication skills, with the ability to work effectively in a dynamic, fast-paced environment. The ability to analyze event and systems logs, perform forensic analysis, analyze malware, and other incident response related data, as needed. Knowledge of attack vectors, threat tactics and attacker techniques. Knowledge/Skills: Demonstratedabilitytoworkeffectivelywithcustomerstosolvebusinesschallengeswhilebalancingtheneedforconfidentiality,integrity,andavailability. Strongunderstandingofcommonandemergingattackvectors,penetrationmethodsandcountermeasures. Stay informed of the latest security risks and disclosures and ensure Exelixis' infrastructure is sufficiently protected. Partner across the organization to drive remediation of security deficiencies and ensure ongoing alignment with our compliance objectives. General knowledge of CLI and scripting language experience (Python, PowerShell, etc..) Ability to engage and collaborate with employees to leverage security to help the organization succeed. Strong ability to interface with internal customers and technical staff. Strong customer-facing skills (oral, written, and verbal skills); ability to define and articulate complex process flows. Ability to organize and prioritize numerous tasks and completes them under time constraints. Ability to work with minimal guidance, to adapt to frequent priority changes, and response to ad-hoc requests WORKING CONDITIONS: Primarily working indoors in office scenarios. 24/7/365 on-call availability for emergency escalations. #LI-EZ1 If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us! Our compensation reflects the cost of labor across severalU.S. geographic markets, and we pay differently based on those defined markets. The base pay range for this positionis $126,000 - $180,000 annually. The base pay range may take into account the candidate's geographic region, which will adjust the pay depending on the specific work location. The base pay offered will take into account the candidate's geographic region, job-related knowledge, skills, experience and internal equity, among other factors. In addition to the base salary, as part of our Total Rewards program, Exelixis offers comprehensive employee benefits package, including a 401k plan with generous company contributions, group medical, dental and vision coverage, life and disability insurance, and flexible spending accounts. Employees are also eligible for a discretionary annual bonus program, or if field sales staff, a sales-based incentive plan. Exelixis also offers employees the opportunity to purchase company stock, and receive long-term incentives, 15 accrued vacation days in their first year, 17 paid holidays including a company-wide winter shutdown in December, and up to 10 sick days throughout the calendar year. DISCLAIMER The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.