Cloud Security Engineer
Description
Responsibilities
• Identify and Implement security controls (detective and preventive) in AWS to achieve the following,
▪ Real-time visibility into management plane events
▪ Analysis of events and auto-remediation where feasible
▪ Implement controls to ensure a secure network architecture
▪ Implement controls to prevent data exfiltration from the cloud data stores
▪ Implement sound identity control mechanisms
• Implement security controls in the build pipeline to ensure early detection and prevention of misconfigurations
• Work with various teams to identify gaps, recommend, and validate new security controls
• Carry out Security Controls Assessment to validate that systems are secure enough to be operational
• Develop and maintain security standards and guidelines
Required Skills
• Sound experience and knowledge of AWS - Security services, Networking Services, Identity Management, Data Security and more,
- Security Services (ex: GuardDuty, CloudTrail, Config Rules, Key Management, Cloud HSM, Network Firewall, Macie, DNS Firewall)
- Event Management and Analysis (ex: CloudTrail, CloudWatch Logs, Events/Logs, Athena)
- Networking Services – ACLs, Transit Gateways, Peerings, VPC endpoints and more
- Data Security – Secure bucket policies, Scans to detect sensitive data leakage and more
- Identity Management – Identify over permissive roles in IAM, insecure cross-account sharing and more
• Experience interacting with AWS services using any of the following – Terraform, CloudFormation, CDK, or any other programmatic interfaces
• Some experience with various types of production workloads – web workloads, data store, analytics etc.
• Experience using a version control system (preferably Git), using build runs (Gitlab, Jenkins, etc.)
• Good written communication skills
Nice-to-have
• Experience with application development (Python, Go, Node etc.) would be a plus
• Knowledge of servers and system administration skills would be a plus
• Experience with cloud posture management tools