Responsibilities
- Design and implement secure cloud architectures aligned with best practices.
- Contribute to centralized cloud security capabilities across systems under the CISO's remit.
- Lead threat modelling exercises and define risk mitigation strategies.
- Review vulnerability management and penetration testing findings, and translate them into actionable remediation plans.
- Configure and manage AWS security services (e.g., IAM, KMS, certificate management).
- Define and implement logging and security telemetry collection for AWS workloads, integrating with security analytics and observability platforms.
- Act as an embedded security engineer within product teams.
- Design and recommend security controls that balance protection, usability, and delivery speed.
- Embed security-by-design principles into architectures, CI/CD pipelines, and engineering practices.
- Improve security posture of existing systems by identifying control gaps, prioritizing remediation, and implementing sustainable fixes.
- Perform scoped penetration testing to validate key controls and identify weaknesses.
- Define and implement automated security checks (e.g., IaC scanning, cloud posture management, CI/CD policy enforcement).
- Translate security requirements into controls as code (e.g., Terraform modules, policy-as-code, guardrails).
- Continuously enhance controls and automation based on emerging threats, incidents, and evolving requirements.
- Collaborate with product, engineering, and platform teams to design secure solutions and resolve trade-offs.
- Communicate complex security concepts clearly to both technical and non-technical stakeholders.
- Provide regular updates to the CISO on risks, residual issues, and progress on security improvements.
- Provide clear, actionable guidance on cloud and infrastructure design, including:
  - Account and landing zone architecture
  - Network segmentation (VPC)
  - Identity and access management (IAM)
  - Data protection, logging, monitoring, and workload security
Requirements
- 5-7 years of experience in cloud platform or cloud security engineering, with hands-on involvement in design, implementation, and troubleshooting.
- Strong expertise in cloud security, including networking, IAM, KMS/BYOK, logging/telemetry, containers/serverless, and CI/CD security.
- Proficiency in Infrastructure as Code (IaC) and automation tools for implementing and managing security controls.
- Experience with automated control validation (e.g., cloud posture management, IaC scanning, CI/CD-integrated checks).
- Familiarity with implementing controls as code in collaboration with engineering teams.
- Strong problem-solving skills with a pragmatic, outcome-driven mindset.
- Ability to work closely with engineering teams while operating as an independent contributor.
- Strong communication skills to engage both technical and non-technical stakeholders.
- Cloud Solutions Architect and/or Cloud Security certifications are preferred.