Tóm tắt công việc
We are seeking an a AWS Cloud Security Engineer who can provide hands-on technical engineering of the growing cloud security program (Threat Model / Attack Vectors), mostly on the AWS infrastructure for our prime Digital Bank client.
You will work closely with the Cloud Engineering team as well the Cloud Operations team to help build secure and robust controls including 4 levels of (sec) controls:
Directive: i.e. policies
Preventive: Access controls, segregation, etc.
Detective: scanning and such
Canary: automated approach using our in-house developed Canary Engine that goes and reads directive controls and tests those
Responsibilities
Serves as the subject matter expert (SME) on Cloud Chaos Security
Develops security experiments and procedures as well as best practices documentation.
Participate in efforts that tailor the company’s security policies and standards for use in cloud environments
Propose and/or design technical solutions, which include creating prototypes and proofs of concept while maintaining a security mindset
Work closely with cloud platform engineers to deliver creative solutions to complex technology challenges and business requirements.
Automate security controls, data and processes to provide better metrics and operational support
Utilize cloud-based APIs when appropriate to write network/system level tools for securing cloud environments
Stay current on emerging security threats, vulnerabilities and controls.
Identify and Implement new security technologies and best practices into Cloud offerings
Exposure to Chaos Engineering principles for delivery of highly available & reliable software on cloud platforms
Identify detect and remediate failures in security controls by executing continuous instrumentation and validation of security capabilities
Must have:
Cloud Security experience (AWS)
Code experience (Python/Bash)
Good English communication skills
Nice to have:
Ability to map security standards against the proposed solution/architecture (for both IaaS & SaaS solutions)
Demonstrated relevant security expertise in designing security solutions for a mix of technology areas, with a focus on application, network and cloud security.
Demonstrated ability to understand and propose security requirements on Cloud (but not limited)
Open Banking/PSD2, APIs
Big Data Platform/Security Components (Hortonworks/Apache)
Cloud Service, Provider, and Platform Security (SaaS, FaaS, PaaS & crypt IaaS)
Advanced Identity & Access Management
Cryptography & PKI
Automated Vulnerability Management Solutions (Qualys, SonarQube, Open Sources, IBM App Scans, X-Ray, etc)
Application Security (Secure SDLC, DevSecOps, and Automation)
Next Generation Network Security (Software Defined Perimeter, Zero Trust/BeyondCorp, SDWAN)
End User Technology, Productivity & Collaboration Security