Cloud Security SME

Description

Key Responsibilities

Provides architectural & engineering leadership to cloud infrastructure cybersecurity programs

Works closely with subject matter experts to develop and deliver a complete and integrated cloud infrastructure cybersecurity architecture across Iaas, PaaS, containers, and serverless

Continuously and proactively assesses corporate cloud resources for cybersecurity weaknesses, and prioritizes plans to strengthen

Develop and maintain information security standards, procedures & guidelines and review/approve exceptions. Refine, configure and implement application roles, review and monitor access controls and process routine & emergency system access requests.

Monitor events, collate and analyze data to assess the environment for information security risk, policy violations, & unusual activity and perform root cause analysis.

Architect and implement new or updates to security solutions. Provide technical advice to clients and teams on design, installation and maintenance of information security.

Evaluate Cloud services to ensure information and personal information security. Work with project teams to design, implement and support information security best practices.

Lead internal and external assessments and audits. Remediate identified issues and implement compensating controls. Assist with information security administration processes and practices violation investigations.

Monitors and directs contingent workers in the delivery of project and support services. Evaluates contingent worker KPI's and provides timely updates to management. Responsible for approving contingent worker timesheets. Adheres to compliance processes and procedures

Functional Knowledge

Demonstrates depth and/or breadth of expertise in own specialized discipline or field

Business expertise

Interprets internal/external business challenges and recommends best practices to improve products, processes or services

Has a good understanding of industry standard frameworks (NIST, CIS etc.)

Leadership

May lead functional teams or projects with moderate resource requirements, risk, and/or complexity

Problem Solving

Leads others to solve complex problems; uses sophisticated analytical thought to exercise judgment and identify innovative solutions

Impact

Impacts the achievement of customer, operational, project or service objectives; work is guided by functional policies

interpersonal Skills

Communicates difficult concepts and negotiates with others to adopt a different point of view

When required, act as a good mentor and train junior engineers appropriately

Information Security threat landscape continues to remain increasingly complex and require constant vigilance to secure a large, global enterprise. This position will collaborate with various stakeholders within IT, Legal, HR, and business units to assess and provide information security assessment & gaps to be addressed and driven for closure. This position will work on assessing the security controls of new & existing applications & processes. This position will work closely with business managers, and IT to communicate the importance and need for enhanced security controls.

CORE RESPONSBILITES:

Develop, implement, and maintain security assessment processes & tools to review the security controls in cloud-based applications

Conduct security assessment on internal applications/infrastructure and deliver reports detailing assessment observations and associated recommendations for information security program development to help the client meet security and compliance standards.

Align standards, frameworks and security with overall business and technology strategy

Identify security design gaps in existing and proposed architectures and recommend changes or enhancements

Develop, implement, and maintain security assessment processes & tools to review the security controls in on premise and cloud-based applications

Evaluate and asses impact of cloud applications on the overall Enterprise Architecture as it relates to information security

Conduct security assessment on internal applications/infrastructure and deliver reports detailing assessment observations and associated recommendations for information security program development to help the client meet security and compliance standards.

Perform technical research into advanced, targeted attacks, crimeware campaigns, malware and other emerging technologies and techniques to identify and report on cyber-attacks and attackers

Perform proactive research to identify, categorize and produce reports on new and existing threats

Display strong technical aptitude with: IT Security, Enterprise Firewalls, Intrusion Detection and Prevention, EDR, Email Security, Server and application monitoring, Windows and Linux based Web Services.

QUALIFICATIONS:

BA/BS in Information Technology or related field from an accredited university

Minimum of 6-9 years of experience in a combination of information security, risk management, security review, and incident response

Knowledge of common information security management frameworks, such as ISO/IEC 27001,ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework

Experience in using standard Security Assessment and Penetration Testing tools.

Knowledge on application security, EDR, email security, Identity management, networks, firewalls and multiple operating systems

High degree of competence with Microsoft Office Productivity Applications

Ability to assess, validate and incorporate new tools, practices, and process to gain efficiencies in the areas of cyber security & intellectual property protection

Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies

Demonstrated experience in supporting information security in global company

Ability to work alone as an individual contributor, as a technical lead and as a key participant in collaboration across global teams

The individual must be an independent, con dent, persistent and results-oriented individual - not an order-taker but rather one who contributes ideas and opinions to ensure sound solutions are implemented.

Able to deal with in uencing skills, ambiguity and work independently with minimal supervision/guidance.

Excellent English communication and solid oral, written communications, problem solving, commitment to task, ability to lead and in uence change.

Preferred Certifications:

Certified Cloud Security Professional (CCSP)

AWS or Microsoft Azure Cloud Security Certifications

GIAC Security Essentials (GSEC)

Certified Information Systems Security Professional (CISSP),