About the Role:

• CBRE Global Cyber Security Office
• The Global CSO's mission is to mitigate cyber security risk by actively working with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally.

We are working to build a progressive product team with a mindset toward being agile and solving problems iteratively.

This role will support the Reporting and Automation product team with an expectation to design, build, and maintain bespoke automation, integrations, and internal tooling.

Being in a senior position at the start of this team, we would want you to help shape the direction of the team moving forward.

You do not have to have experience in all skills listed to be qualified for the position.

If you have years' worth of relevant similar experience, we still want to talk to you.

What You'll Do

• Ensuring operational integrity of Global Cyber-Security Office Dev Sec Ops reporting and automation; including: o Hosting Security Tools and Scanning Agents o Extracting data from Third party vendor applications via API o Building extraction, cleaning, and refinement processes for ETL jobs
• Understanding of AWS EKS Kubernetes cluster for application hosting
• Capable of triaging, debugging and root cause analysis of various commonly used Cloud Provider services such as IAM, Compute, Storage, DNS, Certificate & Secrets Management
• Building and maintaining automation, governance, and reporting around organization secrets management
• Tracking, comparing and reporting SLOs, and SLIs against defined SLAs to ensure reliability and availability
• Designing, building, and maintaining bespoke automation, internal tooling, APIs, and integrations for backend systems with a strong preference for Python and supporting familiarity with Bash, Ruby, and/or Go
• Automating the collection, normalization, and reporting of metrics from Dev Sec Ops tools and implementing App Sec log ingestion at scale using tools such as Logstash, Data Dog, Prometheus, and Python-based services or scripts
• Supporting bespoke development and automation tasks for internal cyber security stakeholders, including reporting workflows, data transformation, system integration, and operational tooling
• Have well founded opinions and be willing to express your disagreement when something doesn't pass the ‘smell test’ for you.

What You'll Need

• 3-5 years of hands-on Python development experience building production-grade automation, scripts, APIs, data workflows, and internal services
• 2-3 years of experience automating multiple systems using Python as a primary language, with additional experience in Bash, Ruby, and/or Go
• 2-3 years of experience with Python ecosystem practices such as dependency management, virtual environments, testing, packaging, REST API integration, and secure coding fundamentals
• 2-3 years of experience with RDBMS databases such as Postgres, MySQL, and MS SQL Server
• Base experience with Kubernetes, and understanding of manifest management with Helm
• Base experience solutioning with AWS services such as IAM, KMS, EC2, EKS, S3, Route53, CloudFront, ACM, Secrets Manager
• Base experience solutioning and working with one or more other cloud providers aside from AWS such as GCP, Alibaba, Azure
• Base experience writing, and running Terraform
• 2-3 years’ Linux systems administrator experience or equivalent skills
• Base experience or equivalent skills with DevOps or CICD pipelines (GitHub Actions, GitLab, etc.)
• Base understanding of source control management and practices using Git and GitHub
• Base understanding of Infrastructure as Code
• Bachelor's degree (BE/BA/BS) in a related field of work or equivalent work experience.