CloudOps Engineer
Description
Job ID 8432
Why Ness
We know that people are our greatest asset. Our staff’s professionalism, innovation, teamwork, and dedication to excellence have helped us become one of the world’s leading technology companies. It is these qualities that are vital to our continued success. As a Ness employee, you will be working on products and platforms for some of the most innovative software companies in the world.
You’ll gain knowledge working alongside other highly skilled professionals that will help accelerate your career progression.
You’ll also benefit from an array of advantages like access to trainings and certifications, bonuses, and aids, socializing activities, and attractive compensation.
Requirements and responsibilities
Cloud Engineer with a strong focus on Identity and Access Management (IAM) and AWS infrastructure.
The ideal candidate will be responsible for maintaining the security posture of our AWS environment, managing user lifecycles, and ensuring that all cloud resources follow the principle of least privilege. At a high level the role is one of support 90% , working on tickets received in Jira. The rest of 10% are internal team tasks which are in the same technical sphere but they are not tracked in the same Jira Space. The role assumes also interaction with many different teams because sometimes the role depends on someone else's job and vice versa.
- IAM Policy Engineering: Design, test, and deploy fine-grained JSON policies (Identity-based, Resource-based, and Permission Boundaries).
- Access Governance: Perform regular audits of IAM users, roles, and groups to identify and decommission unused permissions or "shadow" access.
- Cross-Account Management: Maintain and secure multi-account environments using AWS Organizations and Service Control Policies (SCPs).
- Security Troubleshooting: Act as the point of contact for resolving complex "Access Denied" issues across various AWS services (S3, EC2, Lambda, etc.).
- Identity Federation: Manage SSO integrations and OIDC/SAML providers to streamline developer access to AWS consoles and CLI.
- Secrets & Encryption: Oversee the lifecycle of secrets in AWS Secrets Manager and manage encryption keys via KMS.
- Automation: Use AWS CLI or IaC (Terraform/CloudFormation) to automate repetitive security tasks and resource provisioning.
- 1.5 - 3 years of hands-on experience specifically within the AWS Ecosystem;
- Deep understanding of IAM Evaluation Logic (how SCPs, Boundaries, and Policies interact);
- Experience with AWS CloudTrail and CloudWatch for monitoring and forensic analysis;
- Proficiency in scripting (Python or Bash) to interact with AWS APIs;
- Familiarity with S3 security (Bucket Policies, ACLs, Public Access Block);
- AWS (99% IAM and IAM Identity Center when it comes to console);
- Basic terraform code/syntax knowledge;
- Basic knowledge of YAML and JSON syntax;
- Knowledge of AWS CloudFormation as the IAM policies are 90% described in CF;
- Basic knowledge of Jira and Confluence;
- The basic Github Skills regarding working with branches, PRs (actually basic Github tools for SDLC).
Not checking every single requirement?
If this role sounds good to you, even if you don’t meet every single bullet point in the job description, we encourage you to apply anyway. For most of the candidates that applied, we found a role that was a very good fit with their skills.
Let’s meet and you may just be the right candidate for one of our roles.
At Ness Digital Engineering we are willing to build a work culture that is based on diversification, inclusion, and authenticity.