Role Description As part of a global security engineering team, the Cloud Security Engineer designs, builds, and operates cloud-native and next-generation network security controls that protect enterprise workloads across AWS, OCI, and hybrid environments. This role blends deep expertise in cloud networking, modern firewall platforms, automation, and zero-trust architecture. You will engineer scalable, resilient, and compliant security boundaries that support distributed on-prem devices, remote users, and mobile endpoints across a global footprint. The starting salary is expected to be around $110,000 and will be commensurate with experience. What You’ll Do - Design and implement cloud-native network security architectures across AWS and OCI, including VPC/VCN segmentation, private connectivity, and identity-aware access patterns. - Engineer and operate next-generation firewall platforms (Palo Alto, Check Point, Fortinet, Cisco) and cloud firewalls (AWS Network Firewall, OCI Network Firewall, Security Groups, NACLs). - Develop and maintain scalable firewall and network security policies, including segmentation, micro-segmentation, NAT, VPNs, and egress/ingress controls across hybrid environments. - Automate security guardrails and firewall operations using Terraform, CloudFormation, Ansible, Python, PowerShell, Bash, or API-driven workflows. - Integrate network security controls with cloud and hybrid infrastructure, including Transit Gateway, Direct Connect, OCI FastConnect, Cloud WAN, load balancers, DNS, and service-to-service communication patterns. - Support secure connectivity for distributed on-prem devices and mobile endpoints, including VPN clients, mobile access gateways, ZTNA/SASE integrations, and secure remote access for laptops, tablets, and smartphones. - Monitor and enhance network security posture using cloud-native logging, monitoring, and detection tools (CloudWatch, OCI Logging/Monitoring, Panorama, FortiManager, SIEM platforms). - Participate in incident response for cloud and network security events, including triage, containment, and root cause analysis. - Collaborate with cloud, platform, and application teams to embed secure-by-default patterns into architectures and CI/CD workflows. - Contribute to resilience and disaster recovery strategies for network and firewall infrastructure. Qualifications - Bachelor’s degree in Cybersecurity, Computer Science, IT, or related field. - Certifications such as PCNSE, Fortinet NSE 4/5/7, CCNP/CCIE Security, AWS Security Specialty, OCI Security Professional, preferred. - Experience with DevSecOps practices, CI/CD-driven security automation, or platform engineering. - Background supporting large-scale, regulated, or globally distributed environments. - Strong understanding of cloud networking and security across AWS and OCI. - Hands-on experience with next-generation firewalls (Palo Alto, Fortinet, Check Point, Cisco). - Proficiency with infrastructure-as-code and automation (Terraform preferred; CloudFormation, Ansible, Python, PowerShell, Bash). - Deep knowledge of network and security protocols (TCP/IP, DNS, DHCP, IPSec, SSL/TLS, routing). - Experience with cloud-native monitoring and logging (CloudWatch, OCI Observability, Panorama, FortiManager, SIEM). - Solid understanding of Zero Trust, segmentation, and least-privilege access models. - Experience supporting distributed on-prem devices and mobile connectivity, including VPN clients, ZTNA/SASE, and secure remote access. - Familiarity with compliance frameworks (PCI DSS, SOX, ISO 27001, NIST 800-53/CSF, HIPAA). - Strong analytical and troubleshooting skills across hybrid cloud and on-prem environments. - Excellent communication and collaboration skills. - Ability to collaborate with internal and external stakeholders across multiple functions and locations. - Flexible and adaptable; ability to work effectively in ambiguous situations. - Excellent verbal and written communication skills. - Results driven, ability to make decisions and help solve problems. - Ability to work under minimal supervision with a goal-oriented mindset. - Ability to see the big picture and leverage critical thinking and decision-making skills. - Excellent organization, time management and prioritization skills. Benefits - Up to 40% off the base rate of any standard Hertz Rental. - Paid Time Off. - Medical, Dental & Vision plan options. - Retirement programs, including 401(k) employer matching. - Paid Parental Leave & Adoption Assistance. - Employee Assistance Program for employees & family. - Educational Reimbursement & Discounts. - Voluntary Insurance Programs - Pet, Legal/Identity Theft, Critical Illness. - Perks & Discounts – Theme Park Tickets, Gym Discounts & more. Company Description The Hertz Corporation operates the Hertz, Dollar Car Rental, Thrifty Car Rental brands in approximately 9,700 corporate and franchisee locations throughout North America, Europe, The Caribbean, Latin America, Africa, the Middle East, Asia, Australia and New Zealand. The Hertz Corporation is one of the largest worldwide airport general use vehicle rental companies, and the Hertz brand is one of the most recognized in the world. At Hertz, we champion and celebrate a culture of diversity and inclusion. We take affirmative steps to promote employment and advancement opportunities. The endless variety of perspectives, experiences, skills and talents that our employees invest in their work every day represent a significant part of our culture – and our success and reputation as a company.

• Technical Analysis: Reconstruct, investigate, and track cloud intrusions leveraging cloud service provider activity logs (AWS CloudTrail, Azure Activity Logs) and document findings • Enhance understanding of observed cloud activity by reproducing the activity in a test cloud environment • Create tools to automate analysis tasks and tracking of threat actors • Write cloud-activity-based (KQL, Amazon Athena), host-based (Yara) and network-based (Snort/Suricata) signatures suited for large-scale hunting, detection, and tracking of threats • Perform a technical analysis and reverse engineering of tools related to threat activity within the cloud environment or as part of cloud-conscious intrusions • Intelligence Reporting: Produce high-quality, actionable intelligence reporting • Collaborate with our interdisciplinary team to coordinate adversary and campaign tracking, and to provide support to teams developing mitigation strategies and responding to incidents

• Develop, update, and test cloud security policies (Azure) • Create and maintain CI/CD pipelines for deploying policies to cloud environments • Translate Information Security policies into technical controls in Azure • Implement preventive and detective controls to mitigate cyber risks • Work with Infrastructure as Code (IaC) to standardize environments • Ensure security integration in pipelines (DevSecOps) • Manage secrets, tokens, and certificates using secure mechanisms (e.g., Key Vault) • Work with access control (RBAC) and identity governance • Perform troubleshooting of critical and high-visibility issues • Collaborate with global, cross-functional teams • Participate in change management processes and CMDB

• Provide personalized support by addressing learner questions related to course content and projects. • Prior to the call mentors are expected to review the students' previous project submission(s) - provided by the Mentor Success Team when available - and/or any specific areas of the Nanodegree content or project that the student has expressed confusion or difficulty with. • For concept deep-dives, mentors will come prepared with a slide presentation that reviews a Nanodegree concept in more detail, share different use-cases for the concept to broaden student perspectives and understanding, and hold a Q&A session with the learners. • For project walkthroughs, a mentor will come prepared with a slide presentation that outlines each element of the rubric to help learners understand expectations and typical problem areas they may encounter. This can include a mentor “grading” a sample submission to demonstrate what mentors are looking for when reviewing projects. • Host regular sessions (via Slack or video) to address learner queries related to projects and coursework. No prior preparation required.