Lead Cloud Security Engineer

About the Role

As our Cloud Security Engineer IV / Lead you will be responsible for the security assessment of infrastructure/cloud. Implementing and managing security controls for cloud services which includes Secure configuration management for all Cloud native services setting up processes and guidelines. The goal is to build Seamless Security. We want you to redefine how developers view security eliminating friction and improving Security natively. You will work closely with other Security functions DevOps Architects and Developers and QA to build highly reliable and secure products on the cloud.

What will you do

• Understand the Multi-Cloud( AWSAzureetc) identity management ecosystem holistically and create a secure infrastructure Enforce compliance with IAM principles including least privilege access password management Audit logging RBAC user account lifecycle certificate management and system authentication solutions(SSO/Federation). Minimum of 3 years of experience with AWS and/or Azure.

• Prepare reference architectures for Developer adoption- Secure Cloud Architecture.

• Devise and implement Serverless Container and Kubernetes Security Strategies in the company.

• Deploy CNAPP(Cloud-Native Application Protection Platform)- CSPM CWPP solutions at a large scale.

• Lead Remediation for findings from CSPM(Cloud Security Posture Management) work with developers on targeted remediation based on prioritization

• Experience working with Infrastructure-as-Code (IaC) to secure-by-design solutions to mitigate/fix cloud security issues(Terraform Cloud formation etc)

• Build Tools to assist Engineering teams with the remediation of issues at scale across the Cloud.

• Building security tooling to aid with the protection of data stored in the cloud and compliant with relevant regulations- Enforcement of Cloud Data Protection Guidelines from the Risk team.

• Improve Web App Firewalls (WAF) prior experience with WAF rule fine-tuning a plus. Ensure early Identification of intrusion & attacks and implement countermeasures.

• Experience with solutions around DDoS and identifying Anti-bot patterns for critical flows.

• Partner with the SOC team for Security Incident Management and Remediation triage with Engineering across the ecosystem.

What are we looking for

• Overall 7 years of relevant experience

• Bachelors degree in Computer Science or a related technical discipline or equivalent practical experience.

• Solid understanding of MultiCloud including but not limited to Amazon Web Services (AWS) including VPC ELB IAM KMS EC2 S3 CloudTrail CloudFormation CloudWatch Cloud HSM AWS Encryption SDK RDS ELB AWS Route 53 CloudFront SNS and similar stack from Azure.

• Experience with enforcement of Security Best practices via Cloud Formation/Terraform IaC.

• Understanding of security frameworks and standards like OWASP & NIST Solid understanding of security protocols cryptography authentication authorization

• Good understanding of Linux and Windows OS TCP/IP protocol stack and networking fundamentals and security principles at all layers of the OSI stack

• Experience with API security AWS/Azure cloud security container security network security cryptography PKI certificate management

• Experience in CI/CD Tools Including Git Jenkins Ansible or similar

• Experience in designing cloud-native security architectures applying defense-in-depth strategies

• Advanced Expertise in at least one language Shell scripting/Python/Go/NodeJS and AWS CLI

• Expert knowledge of container security (Docker/Kubernetes) Container security tools such as Twistlock and Aqua Security etc

• Experience with third-party/open-source cloud security tools

• Experience with tooling and systems for a build infrastructure automation and monitoring