Your Role Responsibilities? Here's What You'll Do:
Develop security controls across cloud platforms (AWS, Azure, GCP) to enhance the security posture of our infrastructure.
Perform cloud-specific penetration testing to identify vulnerabilities, misconfigurations, and insecure APIs, followed by remediation.
Maintain automation scripts to improve cloud security processes, vulnerability scanning, and monitoring using tools like Python, Bash, or PowerShell.
Collaborate with DevOps and infrastructure teams to ensure the secure deployment of services using container technologies like Docker and Kubernetes.
Security incident response by analysing cloud-based security incidents and breaches.
Manage cloud security monitoring tools, SIEM solutions (e.g., ELK SIEM, splunkl), and provide real-time threat detection and incident response capabilities.
Ensure compliance with security standards and regulations (GDPR, HIPAA, NIST) within cloud environments.
Review and enhance security policies, IAM roles, and permissions to prevent unauthorized access and data breaches.
Participate in security audits, vulnerability assessments, and risk analysis to ensure understanding of industry best practices.
What We'd Like to See:
Technical Expertise: Strong experience with cloud platforms (AWS, Azure, Google Cloud), particularly in security services like AWS IAM, Security Groups, VPC, and Azure Key Vault.
Penetration Testing: Hands-on experience with cloud-specific pentesting tools (Prowler, ScoutSuite) and general security tools like Burp Suite, Metasploit, or Nessus.
Automation Proficiency: Advanced scripting skills (Python, Bash, PowerShell) to develop automation for security monitoring, testing, and incident handling workflows.
Container Security: Proficiency in securing containerized environments (Docker, Kubernetes) and managing cloud-native security solutions.
Incident Response: Experience with digital forensics, incident handling, and response in cloud environments, using logs (AWS CloudTrail, Azure Monitor) to trace and reduce incidents.
Compliance & Frameworks: Familiarity with security frameworks (CIS, NIST, ISO 27001) and experience implementing compliance measures in cloud-based infrastructures.
: complex security issues to all partners, ensuring clarity and applicable insights.
Certifications (Preferred): AWS Certified Security – Specialty, Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), or other relevant security certifications.
Your Responsibilities as a DevOps Security Engineer:
Collaborate closely with development, operations, and security teams to integrate security measures into the entire software development lifecycle (SDLC).
Automate security testing processes, such as Continuous Integration/Continuous Deployment (CI/CD) pipeline security checks, to identify vulnerabilities early in development.
Develop security playbooks and incident response plans tailored to cloud environments to ensure rapid response to security incidents.
Monitor cloud environments for vulnerabilities and potential threats using advanced security tools, ensuring proactive defence.
Could you provide mentorship to junior team members and guidance on cloud security best practices to promote a culture of security-first thinking?
Research and stay up-to-date with the latest cloud security threats, technologies, and best practices to ensure we remain to latest threats.
Participate in post-incident reviews and root cause analysis to improve response strategies and reduce future risks.