Lead Cloud Security Engineer

About the Role

As our Cloud Security Engineer IV / Lead, you will be responsible for the security assessment of infrastructure/cloud. Implementing and managing security controls for cloud services which includes Secure configuration management for all Cloud native services, setting up processes and guidelines. The goal is to build Seamless Security. We want you to redefine how developers view security, eliminating friction and improving Security natively. You will work closely with other Security functions, DevOps, Architects and Developers, and QA to build highly reliable and secure products on the cloud.

What will you do?

• 
  

  Understand the Multi-Cloud( AWS,Azure,etc)  identity management ecosystem holistically and create a secure infrastructure, Enforce compliance with IAM principles including least privilege access, password management, Audit logging, RBAC, user account lifecycle, certificate management, and system authentication solutions(SSO/Federation). Minimum of 3 years of experience with AWS and/or Azure.

  
  


• 
  

  Prepare reference architectures for Developer adoption- Secure Cloud Architecture.

  
  


• 
  

  Devise and implement Serverless, Container, and Kubernetes Security Strategies in the company.

  
  


• 
  

  Deploy CNAPP(Cloud-Native Application Protection Platform)- CSPM, CWPP solutions at a large scale.

  
  


• 
  

  Lead Remediation for findings from CSPM(Cloud Security Posture Management), work with developers on targeted remediation based on prioritization

  
  


• 
  

  Experience working with Infrastructure-as-Code (IaC) to secure-by-design solutions to mitigate/fix cloud security issues(Terraform, Cloud formation, etc)

  
  


• 
  

  Build Tools to assist Engineering teams with the remediation of issues at scale across the Cloud.

  
  


• 
  

  Building security tooling to aid with the protection of data stored in the cloud and compliant with relevant regulations- Enforcement of Cloud Data Protection Guidelines from the Risk team.

  
  


• 
  

  Improve Web App Firewalls (WAF), prior experience with WAF rule fine-tuning a plus. Ensure early Identification of intrusion & attacks and implement countermeasures.

  
  


• 
  

  Experience with solutions around DDoS and identifying Anti-bot patterns for critical flows.

  
  


• 
  

  Partner with the SOC team for Security Incident Management and Remediation triage with Engineering across the ecosystem.

  
  

What are we looking for?

• 
  

  Overall 7+ years of relevant experience

  
  


• 
  

  Bachelor's degree in Computer Science or a related technical discipline, or equivalent practical experience.

  
  


• 
  

  Solid understanding of MultiCloud including but not limited to Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2 S3 CloudTrail, CloudFormation, CloudWatch, Cloud HSM, AWS Encryption SDK, RDS, ELB, AWS Route 53 CloudFront, SNS and similar stack from Azure.

  
  


• 
  

  Experience with enforcement of Security Best practices via Cloud Formation/Terraform IaC.

  
  


• 
  

  Understanding of security frameworks and standards like OWASP & NIST, Solid understanding of security protocols, cryptography, authentication, authorization

  
  


• 
  

  Good understanding of Linux and Windows OS, TCP/IP protocol stack and networking fundamentals, and security principles at all layers of the OSI stack

  
  


• 
  

  Experience with API security, AWS/Azure cloud security, container security, network security, cryptography, PKI, certificate management,

  
  


• 
  

  Experience in CI/CD Tools Including Git, Jenkins, Ansible, or similar

  
  


• 
  

  Experience in designing cloud-native security architectures applying defense-in-depth strategies

  
  


• 
  

  Advanced Expertise in at least one language, Shell scripting/Python/Go/NodeJS, and AWS CLI

  
  


• 
  

  Expert knowledge of container security (Docker/Kubernetes), Container security tools such as Twistlock and Aqua Security, etc

  
  


• 
  

  Experience with third-party/open-source cloud security tools

  
  


• 
  

  Experience with tooling and systems for a build, infrastructure automation, and monitoring