We are seeking a Senior Cloud Security Engineer responsible for conducting security assessments, monitoring threats, managing security tools, and ensuring compliance with security standards. The role involves incident response, risk assessment, cloud security guidance, and collaboration with stakeholders to enhance the overall security posture.
Roles and Responsibilities:
Conduct security assessments, vulnerability assessments, and penetration tests on systems and applications to identify weaknesses and recommend remediation actions.
Monitor and analyze security alerts, events, and incidents to promptly detect and respond to threats.
Manage and maintain security tools and technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systems.
Proactively monitoring Key Risk Indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk and control gaps.
Seen as the cloud-security and cloud-compliance SME by the teams you support.
Participate in incident response activities, including containment, investigation, and recovery, in the event of a security incident.
Stay updated with cybersecurity threats, vulnerabilities, and industry best practices to ensure the organization remains secure.
Ability to provide security guidance for physical, virtual, and code infrastructure.
Provide vendor due diligence reviews, including SOC2 and vendor risk assessments.
Drive change to improve the overall security posture.
Ensure the protection of Organization information assets through the technical enforcement of organizational security standards and policies.
Ensure technology risk impacting the business is effectively identified, quantified, communicated, and managed, including recommendations for resolution and identifying the root cause.
Serve as a point of escalation and subject matter expert for IT Risk and Cyber domains, including vulnerability management, data protection, cloud and application security.
Collaborate with team members and stakeholders on firm-mandated audits and take responsibility in performing the required reviews associated with the audit.
Review IAM control standards, objectives in regular basis and perform access reviews associated with it
Be the trusted advisor to ensure security of designs and blueprints for application architectures and cloud platforms.
Design and maintain automated workflows to streamline security operations.
Establish solid relationships with other teams and provide advisement as needed.
Build and cultivate a security focused culture through partnership and collaboration with the business and technology teams.
Expected Expertise & Skillsets:
Expert understanding of common information security standards and best practices. Experience in Security and regulatory compliance standards and frameworks
Configure, deploy, and manage enterprise security tools including such as log management (SIEM), antivirus, intrusion prevention, data leak prevention, and application scanning and remediation.
Researches, analyzes, and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within CACU.
Solid understanding of system development life cycle (SDLC) and provide security recommendations and oversight.
Azure Cloud security experience (Preferred 2 years).
Minimum 3 to 4 years of experience in cloud security
Hands on experience securing public cloud workloads in a hybrid, corporate environment.
Security, risk, and compliance experience with Cloud Platforms.
Knowledge of security controls, configuration management, and vulnerability management in public cloud.
Solid understanding of firewalls, WAFs, Web Gateways, and IPS
Excellent problem-solving and analytical skills with the ability to quickly isolate problems, collect data, establish facts, and draw valid conclusions.
Practical understanding with Agile, ITIL, monitoring, and metrics
Cloud security, Vulnerability assessment, Penetration testing, SIEM, Firewalls, Intrusion detection, Risk management, compliance, IAM, Security automation, Azure security, SDLC, Agile, ITIL, Data protection, Threat analysis, Security architecture, Regulatory compliance, Security controls, Cloud workload protection.