The Cloud Security Engineer will be primarily responsible for engineering, monitoring and operating cloud security solutions. The Engineer will also be responsible for identification, investigation, and resolution of security breaches detected by cloud security monitoring systems.
The Cloud Security Engineer’s responsibilities also include contributing to the creation and maintenance of cloud security operational frameworks, policies, standards, baselines, guidelines, and procedures as well as monitoring compliance of cloud service providers.
Acquisition & Deployment
- Participate in the creation of firm security documents (operational frameworks, policies, standards, baselines, guidelines, and procedures) specific to cloud environments.
Nice to Have
- Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing solutions in accordance with the firm’s Global Information Security Policy.
- Evaluate new cloud security solutions and vendors to ensure they meet existing security standards.
- Enhance and integrate secure cloud solutions into our Managed Cloud Platforms.
- Be the subject matter expert on cloud security operations.
- Monitor, troubleshoot, and improve current security solutions for stability, reliability, and performance against our security baselines.
- Maintain up-to-date, detailed knowledge of new or updated security solutions, enhanced security processes, and the development of new attacks and threats.
- Recommend security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Expertise with orchestration/automation tools like Ansible and code management tools (Git, GitLab).
- Good understanding of IT technologies and practices (DevSecOps, CI/CD).
- Working experience with CIS benchmarks, ISO27k, NIST 800-53 V4 and OWASP Top 10.
- Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (e.g. security tools) or indirect control (e.g. workstations, servers, network devices).
- Design and implement new cloud security tools/solutions within SecOps processes as per established security baselines.
- Review logs and reports of all in-scope logging devices, whether they be under direct control (e.g. security tools) or indirect control (e.g. workstations, servers, network devices). Interpret log results and devise plans for appropriate resolution.
- Formulate cloud incident response procedures and participate in investigations for cloud incidents.
- Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
- Provide on-call support for end users for all in-place security solutions.
- Security operations center (SOC) experience is desirable.
Education & Certification
University degree in the field of Computer Science, Engineering or a related discipline.
One or more of the following certifications:
- Cloud certifications such as Azure Fundamentals, Azure Security Engineer, AWS Technical Essentials.
- Certifications such as but not limited to CISSP, CCSP, CCSK.
Knowledge & Experience
- Experience with cloud-based infrastructure such as Azure, AWS, GCP.
- Experience with cloud-native security tools for IaaS, PaaS, micro-severs and serverless.
- Extensive experience in securing operating systems, firewalls, networks, systems, databases and application architectures.
- Experience with antivirus, IDS/IPS, WAFs, NSG, ExpressRoute, Application Firewalls.