Here, we believe there's not one path to success, we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there's a place for you at Sherwin-Williams. We provide you with the opportunity to explore your curiosity and drive us forward. We'll give you the space to share your strengths and we want you to show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show!
Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans.
The core function of the Lead Information Security Engineer II (Cloud DevSecOps) is to support the Information Security Manager in achieving Cloud Security goals through the implementation of cloud security technologies and automation focused on secure cloud configurations, leveraging web service-based APIs from multiple vendors. These goals are interrelated with a need to securely enable the business to make, ship, and sell products at scale. Must be able to create software defined security configurations, design life-cycle service models, and maintain security with technology interoperability and flexible integration with other systems. Proficiency in documentation is a must for existing and proposed cloud security solutions. This position requires working closely with other teams to evaluate, implement, and maintain secure cloud configurations across the enterprise. This position is also responsible for creating and maintaining Cloud Security policies, standards, guidelines, and procedures following regulations and industry standard security best practices. Must clearly demonstrate above standard Information Security and Cloud competence.
Strategy & Planning
Participate in the planning and design of enterprise cloud security architecture, under the direction of the IT Security Manager, where appropriate.
Provide technical expertise, direction, and assistance to Systems Analysts and Systems Engineers.
Participate in the creation and maintenance of enterprise cloud security documents (policies, standards, guidelines, and procedures) under the direction of the IT Security Manager, where appropriate.
Participate in the evaluation and implementation of Cloud Security solutions, such as Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and/or Cloud Access Security Broker (CASB).
Develop security solutions that facilitate the company's strategic business needs.
Conduct research on emerging technologies in support of cloud security efforts, and recommend technologies that will increase the enterprise security posture.
Participate in the research, analysis, design, and implementation of cloud security technologies and solutions.
Acquisition & Deployment
Recommend security controls and systems to support business goals of the company.
Implement security systems that have positive budgetary impact by reducing costs and increasing productivity.
Enhance the company's information assets by contributing to its security, integrity, efficiency, availability, and accuracy.
Work closely with Cloud Center of Excellence and related DevOps teams to plan, coordinate and implement security measures to safeguard information in cloud solutions against accidental or unauthorized damage, modification or disclosure.
Maintain up-to-date detailed knowledge of the cybersecurity industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors, especially regarding cloud environments.
Participate in the design, engineering, configuration, operation and maintenance of secure and scalable cloud services (IaaS, PaaS and SaaS).
Work in collaboration with application and support teams to review and resolve security-related issues affecting cloud services (IaaS, PaaS and SaaS).
Perform strategic analysis; apply advanced principles, theories, and concepts to resolution of problems.
Establish and communicate design and architecture standards via mentoring, technical presentations, and white papers.
Interact with all levels of employees and vendors, including executive management, technical personnel, and contractors.
Maintain up-to-date cloud security configuration baselines based on industry standards (such as CIS, NIST, or Microsoft Security Baselines).
Maintain operational configurations of all in-place security solutions as per the established baselines.
Monitor in-place cloud security solutions for efficient and effective operations.
Participate in investigations into potential security events, with a focus on cloud environments.
Participate in vulnerability assessments and security audits of cloud systems.
Provide on-call support for in-place cloud security solutions, as needed.
Track daily work in project management software.
Assist with Change Management preparations and implementations when needed, providing technical subject matter expertise.
Evaluate cloud services and products; perform product proof of concept analysis.
Assist in the integration of cloud security solutions.
Provide security analysis and consultation services for product, system, and cloud architecture designs.
Attend and lead meetings with the team and with other IT groups.
Assist with other projects as may be required to contribute to efficiency and effectiveness of the security program.
Participate in hiring activities and fulfilling affirmative action obligations and ensuring compliance with the equal employment opportunity policy.
10% travel is required
Work outside the standard office 7.5 hour workday may be required with on-call availability.
Formal Education & Certification
Bachelor degree or foreign equivalent in related field or equivalent experience.
Preferred CISSP or GIAC security certification
Preferred Microsoft Azure, AWS, or Google Cloud certification
Knowledge & Experience
10+ years IT experience.
5+ years of Windows or Linux scripting or administration or experience with managing middleware application technologies.
Proven experience in planning, organizing, and developing IT security solutions.
Experience engineering, building, and maintaining secure cloud configurations or solutions.
Working knowledge of one or more leading cloud solutions, such as Azure, AWS, GCP, or Oracle Cloud.
2+ years experience with APIs, scripting, and automation.
Understanding of the key underlying enterprise middleware technologies, e.g., Apache, Tomcat, WebLogic, WebSphere, JBoss, including how they are configured and administered.
Working knowledge of security baselines, such as CIS, NIST, or Microsoft Security Baselines.
Preferred Experience in one or more of the following Security areas:
Experience presenting and communicating with all levels of personnel, from technical to executive staff.
2+ years hands-on with containerization technologies such as Kubernetes or Docker.
2+ years hands-on with Continuous delivery, DevOps, and automation of deploying applications in the cloud.
Experience working with an Infrastructure-as-Code tool like Terraform, Ansible or Puppet.
Previous experience documenting security policies, standards, guidelines, or baselines.
Experience implementing CSPM, CWPP, and/or CASB solutions.
Experience evaluating cybersecurity threats and vulnerabilities.
Understanding of CVSS, CVE, MITRE ATT&CK, and/or other security standards.
Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Qualys, Nessus, or Metasploit.
Experience building and supporting OS platforms in a large enterprise (Linux or Windows)
Experience utilizing SIEM solutions (Splunk, QRadar, ArcSight, LogRythm, Azure Sentinel, etc.) to search system logs for troubleshooting or security investigation purposes.
Superior analytical, evaluative, and problem-solving abilities.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Excellent written, oral, and interpersonal communication skills.
Ability to conduct research into security issues and products as required.
Ability to present ideas in business-friendly and user-friendly language.
Highly self-motivated and directed.
Keen attention to detail.
Ability to motivate in a team-oriented, collaborative environment.
Strong commitment to inclusion and diversity.
Must be legally authorized to work in country of employment without sponsorship for employment visa status now or in the future.
Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.
Primary Location: United States-Ohio-CLEVELAND
Work Locations: USA OH Cleveland Prospect Ave Headquarters
101 West Prospect Ave
Sherwin-Williams is proud to be an Affirmative Action, Equal Employment Opportunity, Inclusion and Diversity Supportive Employer. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identify, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
VEVRAA Federal Contractor requesting priority referral of protected veterans.