Job responsibilities
- Support the execution and enhancement of a long term information risk and control strategy designed to keep the information assets of the public cloud secure.
- Lead cloud infrastructure platform security review and threat modelling, including code reviews
- Deliver risk based assessments of secure technology controls relating to cloud services, cloud platforms and architectural components.
- Support business technology teams to understand firm control requirements and implementations across a broad range of cloud architectures.
- Contribute to documentation and agile processes in support of security programs.
- Interface with wider CTC teams ensuring platform integration with security operations, threat intelligence, IAM and network security.
Required qualifications, capabilities, and skills
- Formal training or certification on security engineering concepts
- Keen desire to understand and secure public cloud technology
- Eagerness to collaborate in a team, and comfortable in both virtual and office environments
- Self-disciplined, self-managed, self-motivated and strong sense of ownership, urgency, and drive
- Proficient verbal and written communication skills, including the ability to effectively participate in discussions and meetings with internal management, peer groups, regulators and senior stakeholders
- Hands on experience of developing, engineering or architecting within a public cloud environment
- Leadership experience would be advantageous
- Experience following agile practices like Test Driven Development (TDD) and Behavior Driven Development(BDD)
- Experience engineering with Terraform or infrastructure-as-code and Understanding of DevOps or CI/CD concepts
Preferred qualifications, capabilities, and skills
- Familiarity with Cloud Security Posture Management (CSPM) products
- AWS, Azure or Google Cloud certifications would be an advantage