The Cloud Security Engineer ensures secure and compliant cloud environments, implementing governance, risk, and assurance practices while supporting cloud adoption and operational excellence.
Key Responsibilities
1. Cloud Governance and Standards
Establish and enforce cloud security policies, standards, and best practices.
Maintain compliance with internal policies and external regulations.
2. Risk & Exception Management
Conduct risk assessments on cloud services and workloads.
Propose compensating controls for exceptions.
Manage exception register with defined expiry and review cadence.
3. Identity & Access Governance
Design and implement RBAC/ABAC models, SoD matrices, privileged access patterns, and break-glass procedures.
Lead quarterly access reviews and capture evidence.
4. Data Protection
Classify data and define encryption standards for data at rest and in transit.
Manage key lifecycle (KMS/Key Vault/Cloud KMS) including BYOK/HYOK guidance.
Implement DLP guardrails and data handling policies.
5. Logging & Monitoring
Define mandatory telemetry and logging requirements (CloudTrail, Azure Activity, GCP Audit).
Ensure log retention, integrity controls, and SIEM onboarding use cases.
6. Cloud Posture Management
Configure and tune CSPM, CIEM, and CNAPP policies.
Triage high-severity findings, assign ownership, and track remediation SLAs.
7. Incident Response Enablement
Develop cloud-specific IR playbooks (privilege escalation, exposed storage, key compromise).
Define evidence collection and containment procedures for SOC operations.
8. Compliance & Audit Readiness
Map controls to ISO 27001, GDPR, Qatar Cloud Policy frameworks.
Produce test procedures and evidence plans; support audits with minimal findings.
9. Stakeholder Communication
Prepare clear risk narratives and decision records for engineering leads, product owners, and auditors.
10. Nice-to-Have / Advanced Skills
DevSecOps Oversight: Policy-as-code checks (OPA/Kyverno/Conftest), IaC compliance gates (Terraform/ARM/Bicep), artifact integrity (signing/SBOM/SLSA).
Kubernetes/Container Governance: Pod Security Standards, admission policy enforcement, registry controls, runtime policy baselines.
SaaS Security Reviews: Conduct due diligence and ongoing assurance for high-risk SaaS applications (identity, data residency, logging, export controls).
Data Residency & Sovereignty: Design guardrails and map regulatory constraints for regional compliance.
Bachelor's degree in Computer Science, Information Security, IT, or equivalent hands-on experience.
Nice-to-have certifications: CCSP, CISSP, ISO 27001 Lead Implementer/Auditor, Microsoft SC-100/SC-200, AWS Security Specialty, GCP Cloud Security Engineer.
Knowledge of CIS Benchmarks, ISO 27001/27017/27018, NIST 800-53/CSF, CSA CCM, MITRE ATT&CK (Cloud).
35 years in cloud security governance and assurance.
Hands-on experience with at least one major cloud provider (AWS, Azure, GCP).
Submission date: Please submit CVs on or before 02nd December 2025.
IT Services and IT Consulting