About The Role
Essential duties & responsibilities
Work within a dedicated security engineering function that accelerates the delivery of creative and secure capabilities for cloud products. Design and implement security architectures for cloud-based systems. Build security control framework and generic reference architectures for cloud based applications. Assist with identifying security requirements to be followed by LoB/Dev teams when building Cloud applications. Perform risk assessment, threat modeling and review existing cloud security architectures to identify potential areas of weakness or need for enhancement. Perform security assessments including threat modelling and security integration. Ensure that security design and controls are consistent with organisation's security architecture principals. Align cloud security practices with industry frameworks such as NIST, CIS, and CSA. Develop configuration hardening guidelines for Cloud Services (AWS, Azure, GCP) Provide expertise on encryption, key management, identity and access management (IAM), network security, and other cloud security technologies. Communicate effectively with stakeholders to provide regular updates on cloud security status and issues. Continuously evaluate the cloud security architecture for improvements and to accommodate changing cloud environments, accommodating for scalability, reliability, and availability. Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private and hybrid environments.
About You
Position Specifications3+ years of Information Security experience in areas of Information/Cloud Security In-depth knowledge of any public cloud technologies (AWS, Azure, Google Cloud Platform) and associated security risks and controls. Demonstrated knowledge of software development processes (SLDC/Agile/Iterative/DevOps) Experience of delivering security solution architecture from end-to-end. Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD) Security architecture assessments for one or more IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle) Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls. A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies. Ability to keep up to date with technology and security. Make informed decision and appropriate adjustments . Good interpersonal and communication skills with the ability to influence at all levels of the organisation, while being able to simplify complex topics. Ability to organise, prioritise, and lead multiple deliverables simultaneously across a large, global corporate environment. Familiarity with containerization and orchestration technologies (Docker, Kubernetes, etc.). Experience with Infrastructure as Code (IaC) tools (like Terraform, Ansible). Professional security management certification, such as a CISSP, CISM, CCSP, or similar.
