- Improve AWS cloud security (Terraform, Helm, AWS resources and security services such as GuardDuty, Config, SecurityHub, Macie, WAF, CloudTrail, AWS Organizations etc.
- Implement security gates in pipelines and service tooling (Snyk, Burp, Bitbucket pipelines, YAML, Opsgenie & SecurityHub)
- Measure and visualise security scores for services (using tools like Looker or similar)
- Incident management (work with additional sources for gathering security events, such as audit logs and SIEM, and deliver it to the right people)
- Providing significant input to form a Security culture within the company
Required Skills & Abilities
- 3+ years experience within the Cloud Security field
- Security knowledge in Mobile Applications, Web Applications, Cloud Security, Networks, Operating systems
- Has practical experience in Technical controls, Operational Controls, Managing Controls within AWS
- Some experience in building the Secure Software Development Lifecycle phases (DevSecOps)
- Understanding Identity Management principles: SSO, OAuth, JWT, SAML
- Experience with writing scripts for automation (Python & bash)
- Must be able to use Jira and Confluence.
- Understand Business Continuity principles (Be able to understand BIA, DRP strategies Understanding MTD/ MTPOD, RTO RPO concepts)
- Understanding Disclosure Controls practices (Technical controls, Operational Controls, Managing Controls)
- Industry certifications are considered as a plus.
- Understanding the Secret Management process. (SSM, Vault, Thycotic, CyberArk)
- Understand Security Monitoring concepts. Have practical experience with the Event Correlation Systems (IDS/IPS, SIEM, AWS Cloud Specific )