Cengage Learning Cloud and Applications Security Engineer in Boston, Massachusetts


The Cloud Security / Application Security Engineer is an expert/lead role on the security team that typically manages or leads medium-to-large projects, working closely with the Applications Dev and Cloud Operations teams at Cengage. You will develop platform security policies, standards and best practices, and develop solutions to enforce them in CloudFormation. You will work closely with DevOps, software developers and cloud teams to implement new security solutions.

This role will work under the general direction of the VP of Security and Risk Compliance.


This role will be primarily responsible for:

  • Develop security architecture and guiding principles

  • Refine existing Cloud infrastructure vulnerability assessment program and increase coverage

  • Develop & build Security (both tools & processes) into the platform delivery standards

  • Development experience in Python, Java, and C/C++; working knowledge of Perl or Ruby

  • Working knowledge of OWASP practices

  • Work with operations team to implement disaster recovery and business continuity

  • Develop CloudFormation-integrated solutions to prevent unencrypted storage of information / data in the cloud

  • Develop cloud activity monitoring → alert → remediate solutions

  • Identify security vulnerabilities and risks, and develop mitigation plans

  • Provide security architecture and design consultations to product teams, to help them build applications that are secure from the start

  • Knowledge of application security vulnerabilities and remediation techniques

  • Experience in providing practical solutions that enable product teams to meet business goals while controlling security risk

  • Knowledge of and ability to exploit attack vectors such as Zero Day, SQL injection, XSS, CSRF, session-hijacking

  • Ability to promote secure design principles and a security-focused outlook across a large organization

  • Evaluate application security tools for internal consumption. Develop new automation to improve our detection and prevention capabilities.

  • Develop secure code practices and provide hands-on training and code-review to developers and quality engineers

  • Perform black-box penetration testing and code reviews of our flagship services, product offerings and partner apps


  • Tools: Nessus / Qualys – Application Programming Interfaces (APIs), Pivotal Cloud Foundry, Splunk

  • Technologies: AWS – Elastic Compute Cloud (EC2), Lambda, Config, IAM, CloudTrail, CloudFormation, CloudWatch, EBS, RDS, S3, DynamoDB, KMS, Trusted Advisor, Inspector, Virtual Private Cloud (VPC) peering, Direct Connect, Elastic Load Balancing (ELB)

  • Coding languages: Python and other shell scripting languages

  • 5+ years of experience in infrastructure security

  • 5+ years in product/applications security

  • 3+ years of experience in DevOps (cloud)

  • BS degree in Computer Science or similar combination of education and experience

  • Thorough understanding of cloud architecture: Containerization, Cluster, Networking & Content Delivery, Compute, Storage, Databases, Management Tools, Security, Identity & Compliance, Load Balancing, Network Segmentation, Virtual Private Cloud (VPC), Direct Connect


Job Locations US-MA-Boston

Posted Date 2 weeks ago

Requisition ID 2017-3820

Job Function Software Development