Cloud Security Engineer

Job Description

Job Description

Responsibilities:
1. Developing, testing, and deploying Azure/AWS/GCP Security Controls across the firm’s cloud tenants through 3rd part SaaS solutions
2. Evaluating Firm cloud security requirements and assess how these can be implemented into Detective cloud controls, for all CSPs
3. Working closely with vendors and partner squads to develop, deploy, and test Cloud security services
4. Developing and generating compliance reports that showcase the cloud infrastructure’s drift management status
5. Working with resource owners to remediate configuration drifts
6. Defining priorities, coordinating with peer teams, and leading continuous improvement efforts of security tools, systems and processes
7. Research, investigate and implement newer technologies to continually evolve security capabilities
8. Integrating, configuring, documenting, and deploying compliant infrastructure and supporting services in the Cloud platform
9. Troubleshooting problems, analysing root cause, and (where possible) fixing bugs introduced by owned or managed security solutions
10. Collaborating with Risk Management, Security Architecture, and Cyber Incident Response teams to ensure necessary controls to Cloud services are deployed and tested
11. Working in a globally distributed team to provide innovative and robust Cloud-centric solutions Must-have skills:
1. Deep knowledge of at least one of the 3 main Cloud Service Providers (Azure, AWS, GCP)
2. Knowledge of the Shared Responsibility Model; keen understanding of the security risks inherent in hosting cloud-based applications and data
3. Experience developing across the security assurance lifecycle (mainly detect & respond controls)
4. Experience configuring native CSP security tooling and capabilities
5. Deep understanding of DevOps processes and workflows.
6. Working knowledge of the Secure SDLC process.
7. Experience with Infrastructure as Code (IaC) tooling such as Terraform
8. Strong in scripting languages such as PowerShell, Python and Bash.
9. Experience creating technical architecture documentation.
10. Excellent communication, written and interpersonal skills.
11. Experience in IT Service Management.
12. Ability to articulate complex technical concepts to non-technical stakeholders. Nice to have skills:
1. Experience with CSPM and SaaS 3rd party solutions Understanding of OPA/REGO Knowledge of Agile best practices and methodologies Familiarity with Logging and data pipeline concepts and architectures in cloud.
2. Experience with risk control frameworks and engagements with risk and regulatory functions
3. Experience in the financial industry Azure, AWS and/or GCP Certifications Security certification such as CISSP, GIAC, CISM, OSCP or equivalent Configuration management and patch management using automated tools
4. Experience with governance, risk and cybersecurity frameworks such NIST CSF, COBIT 5, ISO 27001/2, ITIL
5. Familiarity with standard Azure/AWS/GCP security tooling such as Security Command Center, VPC Service Controls, Azure Monitor, Azure Policy, AWS SCP, AWS Config, AWS IAM
6. Permission Boundary Practical experience in designing and configuring CICD pipelines. Practical experience in GitHub Actions and Jenkins. Team Profile: The Cloud Security team securely enables firm to leverage cloud-native and SaaS 3rd party services at enterprise scale. This team designs the security requirements that must be adhered to in cloud as well as builds the tooling and automation needed to provide enterprise capabilities to protect the firm and make securing workloads easier for application teams.