Responsibilities
- Serve as a Subject Matter Expert (SME) for security technologies, supporting high visibility needs of the business in a variety of special projects. These unique projects often involve expedited deliverables, operational agility, and require top quality deliverables covering both the consulting and operations functions
- Investigate any security incidents and provide insights to internal/external business users
- Develop processes and procedures and fine-tune alerts as part of ongoing improvisation of security operations
- Develop cloud/hybrid and cloud platform-specific security policies, standards, and procedures on cloud providers (Azure, AWS) and cloud-native platforms (PCF, Docker, Kubernetes, etc.)
- Identify and deliver appropriate cloud security controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on business risk and cloud-native threats
- Conduct integration of supported Cloud-based Security Products such as Web Application Firewall (WAF), Web Security Proxy, etc
- Conduct detailed & comprehensive investigations and triage on a wide variety of security events.
- Recommend and implement remediation processes
- Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques
- Collaborate with cross-functional teams to implement security measures and address security requirements
- Communicate security risks, recommendations, and status updates to stakeholders, management, and team members
- Identify opportunities to improve processes and/or tools to ensure the highest level of quality, including documentation, mentoring, and training sessions
- Own the technical components of a customer integration project including but not limited to configuration, debugging, documentation, testing, and go-live support
- Identify and mitigate potential security threats and vulnerabilities
- Provide relevant recommendations to improve the overall security posture of customers
- Deployment of security technologies while ensuring standards are adhered to as well as maintenance/ repair supervision working with vendor support teams on corrective activities for system issues
- Assist in any ad-hoc tasks when necessary
Requirements
- Over 5 years of experience in Information Security or engineering
- At least 2 years of direct experience in one of the Public Cloud platforms, such as AWS or Azure with strong knowledge of their security features
- Ability to identify and drive remediation of public and hybrid cloud risks
- Experience in general security technologies, processes, and concepts
- Industry-recognized security certifications (OSCP, CISSP, CISA, CEH, AWS Security, etc.).
- Working experience on SIEM / Analytics tools, eg: Securonix, Sentinel
- Working experience with common security operations systems, Intrusion Detection Systems (IDS/IPS), Security Incident Event Management systems (SIEM), anti-virus log collection systems, etc
- Strong analytical and problem-solving skills, with the ability to identify and address security risks and vulnerabilities
- Working knowledge of security systems and programs
- Ability to analyze and develop innovative recommendations and solutions
- Sound fundamental knowledge of Internet technologies, such as TCP/IP, HTTP, SSL, DNS, OWASP Top10, and web servers (e.g. Apache, IIS, Nginx, etc.)
- Experience with web security concepts and technologies such as web application firewalls, and proxy.
- Familiarity with AWS technologies, such as CodePipeline, CodeBuild, CodeDeploy, CodeStar, Guardrails, Amazon ECS, AWS Lambda, and Open-source tools like Jenkins, DefectDojo, and OWASP Glue will be an added advantage
- Excellent verbal and written communication skills
- Independent and results-oriented
- Willing to work on a flexible schedule depending on business need
Shortlisted candidates will be offered a 1 Year Agency contract employment