Cloud Security Engineer

Job Tasks and Responsibilities

• Conduct cloud security assessments, architecture reviews and risk assessments for GCC and public sector cloud environments on AWS and Azure
• Design, implement and maintain secure cloud architecture, landing zones, guardrails and baseline configurations across AWS and Azure platforms
• Harden cloud infrastructure, services, virtual machines, containers and platform components based on approved security standards and benchmarks
• Develop scripts and Infrastructure as Code to automate cloud security hardening, monitoring, compliance checks and remediation activities
• Implement and manage cloud identity and access management controls including least privilege, federation, privileged access, secrets and key management
• Configure and maintain cloud security controls such as network segmentation, firewalls, WAF, DDoS protection, private connectivity and encryption
• Maintain cloud security monitoring, logging and alerting capabilities, and support threat detection, investigation and incident response activities
• Work with Cloud, DevOps and Application teams to integrate security controls into CI/CD pipelines and secure software delivery processes
• Perform vulnerability assessments, configuration reviews and remediation tracking for workloads deployed on AWS and Azure
• Conduct reviews to ensure compliance with security policies, public sector requirements, data residency controls and cloud governance standards
• Work with Engineering and Operations teams to manage cloud security findings and drive closure through the defect life cycle
• Improve cloud security processes, standards, playbooks and tools to enhance security posture and operational efficiency
• Take on a secondary role as a DevSecOps Engineer or Cloud Platform Security Engineer where required by project needs
• Collaborate with cross-functional teams to enhance security across the cloud development and operations pipeline

EXPERIENCE AND SKILLS NEEDED

• Min 6 years of experience in cloud security engineering, cloud security assessment, analysis and remediation
• Experience in AWS and Azure, including GCC and public sector / regulated cloud environments, will be an added advantage
• Experience in secure cloud architecture design, landing zones, account/subscription segregation and cloud governance will be an added advantage
• Experience in agile development environment will be an added advantage
• Experience with continuous integration and continuous delivery using GitLab, Azure DevOps, GitHub Actions, Jenkins or other similar tools will be an added advantage
• Experience with Infrastructure as Code tools such as Terraform, CloudFormation, Bicep, ARM templates or equivalent will be an added advantage
• Experience with AWS security services such as IAM, Organizations, Control Tower, KMS, CloudTrail, Config, GuardDuty, Security Hub, Inspector, WAF or equivalent will be an added advantage
• Experience with Azure security services such as Microsoft Entra ID, Azure Policy, Key Vault, Defender for Cloud, Microsoft Sentinel, Azure Monitor, Azure Firewall or equivalent will be an added advantage
• Experience with cloud security posture management (CSPM), cloud workload protection (CWPP), CNAPP tools such as Wiz, Prisma Cloud, Defender for Cloud, Lacework, Orca or equivalent will be an added advantage
• Experience with container and Kubernetes security for AKS, EKS, image scanning, runtime protection and secrets management will be an added advantage
• Experience with IAM, PAM, zero trust, encryption, PKI, SIEM/SOAR, incident response and cloud logging will be an added advantage
• Experience with vulnerability management and cloud-native security testing tools, including SAST, DAST, SCA, secrets scanning or equivalent will be an added advantage
• Experience with compliance and governance standards such as CIS Benchmarks, NIST, ISO 27001, SOC 2, PCI DSS and applicable GCC / public sector regulatory requirements will be an added advantage
• Certified cloud and security professionals such as AWS Certified Security - Specialty, AWS Solutions Architect, Microsoft Certified: Azure Security Engineer Associate (AZ-500), Azure Solutions Architect, CCSP, CCSK, CISSP, CISM or equivalent will be an added advantage
• Security testing-specific certifications such as CEH, OSCP, GPEN, GWAPT or equivalent will be an added advantage
• Degree or Diploma in Computer Science, Computer or Electronics Engineering, Information Technology or related disciplines