- Compliance and Governance
- Compliance Standards:
- Ensure adherence to GDPR, HIPAA, PCI DSS, and other standards.
- Maintain audit trails with AWS CloudTrail and Bitbucket Activity Logs.
- Vulnerability Assessment, Penetration Testing (VAPT), and Hardening
- Assessments: Perform regular vulnerability assessments on AWS resources using tools like Amazon Inspector, Nessus, or Qualys.
- Service Hardening: Apply AWS best practices to secure services like EC2, RDS, and S3.
- Encryption: Implement encryption at rest using AWS KMS and encryption in transit using TLS.
- Infrastructure Security
- Cloud Security:
- Use AWS services (Security Hub, GuardDuty, CloudTrail) and GCP tools (Security Command Center, IAM) to harden cloud environments.
- Automate infrastructure deployment with Terraform or AWS CloudFormation, ensuring security best practices.
- Scan IaC with Checkov or Terrascan before deployment, and use AWS Config Rules to detect drift in the deployed resources.
- Application Security
- SAST and DAST:
- Perform SAST during development to identify vulnerabilities early.
- Conduct DAST in staging or production using tools like Burp Suite, OWASP ZAP, or AppScan.
- Android Security:
- Test Android apps using tools like MobSF, QARK, or Drozer.
- Verify apps against the OWASP MASVS requirements using the OWASP MSTG (now MASTG) test cases.
- Ethical Hacking and Ransomware Testing
- Ransomware Simulation: Simulate ransomware attacks to test recovery capabilities and data resiliency.
- Ethical Hacking: Perform ethical hacking exercises to assess system vulnerabilities and identify potential breaches.
- Threat Analysis and Threat Modeling:
- Conduct regular threat analysis to evaluate potential risks to cloud infrastructure and applications.
- Create and maintain threat models for applications, services, and infrastructure to identify attack vectors and mitigation strategies.
- Use tools like Microsoft Threat Modeling Tool, OWASP Threat Dragon, or custom modeling techniques to identify and prioritize risks.
- CI/CD and Code Security
- Secure Pipelines:
- Integrate Bitbucket Pipelines with AWS services for secure deployments.
- Automate security checks at each pipeline stage:
- SAST (Static Application Security Testing): Use tools like SonarQube.
- DAST (Dynamic Application Security Testing): Use tools like OWASP ZAP or Burp Suite.
- Dependency scanning using tools like OWASP Dependency-Check.
- Container security scanning for Docker images.
- Code Scanning:
- Use Bitbucket Code Insights for integrated security scan results in PRs.
- Monitor repositories for exposed credentials or sensitive data.
- Automate IaC scanning with tools like Checkov.
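As an added example of the last two items (Checkov IaC scanning surfaced through Bitbucket Code Insights in the PR), the script below turns Checkov's JSON output into a Code Insights security report with one inline annotation per failed check. It is not code from the original posting, from Checkov or from Atlassian. It assumes Checkov was run with `-o json`, that the script runs inside a Bitbucket Pipelines step (where the Code Insights API is reachable without credentials through the local proxy on port 29418 and the workspace, repository slug and commit come from the BITBUCKET_* variables Pipelines sets), and that a plain Checkov run leaves "severity" null, so missing severities default to MEDIUM. The Checkov output embedded in it is constructed for illustration.

```python
"""Turn Checkov JSON output into a Bitbucket Code Insights security report.

Added example; not code from the original posting, Checkov or Atlassian.
Assumptions: `checkov -o json` output; runs inside a Bitbucket Pipelines
step, where Code Insights is reachable through the local proxy on port
29418 and BITBUCKET_WORKSPACE / BITBUCKET_REPO_SLUG / BITBUCKET_COMMIT are
set; a plain Checkov run leaves "severity" null, so it defaults to MEDIUM.
"""
import json
import os
import sys
import urllib.request

DEFAULT_SEVERITY = "MEDIUM"
VALID_SEVERITIES = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}
PROXY = "http://localhost:29418"  # Pipelines-only Code Insights proxy (assumption)

# Constructed sample of `checkov -d infra -o json`: one passed and two
# failed checks on the same S3 bucket resource.
SAMPLE_CHECKOV = {
    "check_type": "terraform",
    "results": {
        "passed_checks": [
            {"check_id": "CKV_AWS_19", "check_name": "Ensure S3 bucket is encrypted at rest",
             "file_path": "/infra/s3.tf", "file_line_range": [1, 14],
             "resource": "aws_s3_bucket.artifacts", "severity": None}],
        "failed_checks": [
            {"check_id": "CKV_AWS_18", "check_name": "Ensure S3 bucket has access logging",
             "file_path": "/infra/s3.tf", "file_line_range": [1, 14],
             "resource": "aws_s3_bucket.artifacts", "severity": None},
            {"check_id": "CKV_AWS_21", "check_name": "Ensure S3 bucket has versioning",
             "file_path": "/infra/s3.tf", "file_line_range": [1, 14],
             "resource": "aws_s3_bucket.artifacts", "severity": "high"}],
    },
    "summary": {"passed": 1, "failed": 2, "skipped": 0, "parsing_errors": 0},
}


def _reports(checkov) -> list:
    """Checkov emits one object per framework, or a list when several ran."""
    return checkov if isinstance(checkov, list) else [checkov]


def failed_checks(checkov) -> list:
    return [c for r in _reports(checkov)
            for c in r.get("results", {}).get("failed_checks", [])]


def passed_count(checkov) -> int:
    return sum(r.get("summary", {}).get("passed", 0) for r in _reports(checkov))


def build_report(checkov, reporter: str = "checkov") -> dict:
    """Summary shown in the PR's Code Insights panel."""
    failed = failed_checks(checkov)
    return {
        "title": "Checkov IaC scan",
        "details": f"{len(failed)} failed, {passed_count(checkov)} passed",
        "report_type": "SECURITY",
        "reporter": reporter,
        "result": "FAILED" if failed else "PASSED",
        "data": [{"title": "Failed checks", "type": "NUMBER", "value": len(failed)},
                 {"title": "Passed checks", "type": "NUMBER", "value": passed_count(checkov)}],
    }


def build_annotations(checkov) -> list:
    """One inline annotation per failed check, on the resource's first line."""
    annotations = []
    for check in failed_checks(checkov):
        severity = (check.get("severity") or DEFAULT_SEVERITY).upper()
        if severity not in VALID_SEVERITIES:
            severity = DEFAULT_SEVERITY
        annotations.append({
            "external_id": f"{check['check_id']}:{check.get('resource', '')}",  # unique per report
            "title": check["check_id"],
            "annotation_type": "VULNERABILITY",
            "summary": check.get("check_name", check["check_id"]),
            "severity": severity,
            "path": check["file_path"].lstrip("/"),  # Checkov prefixes a '/'
            "line": (check.get("file_line_range") or [1])[0],
            "result": "FAILED",
        })
    return annotations


def publish(report_id: str, report: dict, annotations: list) -> None:
    """PUT the report, then POST annotations in batches of 100 (API limit)."""
    base = ("http://api.bitbucket.org/2.0/repositories/"
            f"{os.environ['BITBUCKET_WORKSPACE']}/{os.environ['BITBUCKET_REPO_SLUG']}"
            f"/commit/{os.environ['BITBUCKET_COMMIT']}/reports/{report_id}")
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": PROXY}))

    def send(url: str, method: str, body) -> int:
        req = urllib.request.Request(url, data=json.dumps(body).encode(), method=method,
                                     headers={"Content-Type": "application/json"})
        with opener.open(req) as resp:
            return resp.status

    send(base, "PUT", report)
    for i in range(0, len(annotations), 100):
        send(base + "/annotations", "POST", annotations[i:i + 100])


if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_CHECKOV
    report, annotations = build_report(data), build_annotations(data)
    print(json.dumps({"report": report, "annotations": annotations}, indent=2))
    if "BITBUCKET_COMMIT" in os.environ:  # only publish inside a Pipelines step
        publish("checkov-iac", report, annotations)
    sys.exit(1 if report["result"] == "FAILED" else 0)
```

Run it as a pipeline step after `checkov -d infra -o json > checkov.json`, passing the file as the first argument; the non-zero exit on failed checks is what makes the step itself fail, while the report and annotations are what the reviewer sees inline in the PR.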
- WSO2 API Manager Responsibilities
- API Security:
- Secure APIs with OAuth2, JWT tokens, and mutual TLS.
- Implement rate-limiting and throttling to prevent abuse.
- Integrate APIs with AWS Cognito or other identity providers for authentication.
- Monitoring and Incident Response
- Monitoring:
- Use AWS CloudWatch, GuardDuty, and Bitbucket monitoring features.
- Configure proactive alerts using PagerDuty or Slack for Bitbucket Pipelines.
- Incident Response:
- Automate incident response workflows using AWS Systems Manager or AWS Lambda.
- Conduct regular incident response drills.
- AWS IAM (Identity and Access Management)
- Policy Design: Create and enforce least privilege access policies.
- Audits: Conduct regular audits of IAM roles, groups, and policies to ensure compliance and security.
- Federated Identity: Configure and manage federated identity with external IdPs (e.g., Okta, Azure AD).
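To make the policy-design and audit items concrete, here is an added example (not code from the original posting or from AWS) that audits IAM policy documents for the least-privilege violations a reviewer looks for first: `Action: "*"`, service-wide wildcards on `Resource: "*"`, `NotAction`, privilege-escalation actions such as `iam:PassRole` without a scoped resource or Condition, and an unconditioned `Principal: "*"`. The two policy documents in it are constructed for illustration (the account ID and ARNs are placeholders); the boto3 call that would pull real policies from an account is left commented out so the script runs offline.

```python
"""Audit IAM policy documents for least-privilege violations.

Added example; not code from the original posting or from AWS. The
policies below are constructed (account ID and ARNs are placeholders).
"""
import json

# Actions that open privilege-escalation paths; an Allow on these needs a
# scoped Resource or a Condition even when the action list looks narrow.
SENSITIVE_ACTIONS = {
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachRolePolicy",
    "iam:PutRolePolicy", "iam:AttachUserPolicy", "sts:AssumeRole",
    "lambda:UpdateFunctionCode",
}


def _as_list(value) -> list:
    """IAM accepts a string or a list for Action, Resource and Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy: dict) -> list:
    """Return human-readable findings; an empty list means the policy passed."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        conditioned = bool(stmt.get("Condition"))

        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction allows every action not listed")
        if "*" in actions:
            findings.append(f"{sid}: Action '*' grants full administrative access")
        service_wide = [a for a in actions if a.endswith(":*")]
        if service_wide and "*" in resources:
            findings.append(f"{sid}: service-wide {service_wide} on Resource '*'")
        for action in actions:
            if action in SENSITIVE_ACTIONS and "*" in resources and not conditioned:
                findings.append(f"{sid}: {action} on Resource '*' without a Condition")
        if stmt.get("Principal") == "*" and not conditioned:
            findings.append(f"{sid}: Principal '*' without a Condition (public access)")
    return findings


# Constructed: a typical "deploy" policy that is far broader than it needs to be.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "DeployAll", "Effect": "Allow",
                   "Action": ["s3:*", "iam:PassRole"], "Resource": "*"}],
}

# Constructed: the same intent, scoped to one bucket and one role, with
# PassRole restricted to the service that will actually use the role.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadArtifacts", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-artifacts",
                      "arn:aws:s3:::example-artifacts/*"]},
        {"Sid": "PassDeployRole", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/example-deploy",
         "Condition": {"StringEquals": {"iam:PassedToService": "lambda.amazonaws.com"}}},
    ],
}


def audit_all(policies: dict) -> dict:
    """Map policy name -> findings, for a batch pulled from an account or repo."""
    return {name: audit_policy(doc) for name, doc in policies.items()}


if __name__ == "__main__":
    # For a real audit (needs credentials), feed audit_all() from boto3:
    #   iam = boto3.client("iam")
    #   for p in iam.list_policies(Scope="Local")["Policies"]:
    #       doc = iam.get_policy_version(PolicyArn=p["Arn"],
    #             VersionId=p["DefaultVersionId"])["PolicyVersion"]["Document"]
    results = audit_all({"overbroad": OVERBROAD_POLICY, "scoped": SCOPED_POLICY})
    print(json.dumps(results, indent=2))
```

The over-broad policy produces two findings (the `s3:*` wildcard on every resource and an unconditioned `iam:PassRole`), the scoped version none; the same checks apply unchanged to inline role policies, group policies and the customer-managed policies returned by `list_policies`.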
- Bitbucket Roles and Responsibilities
- Version Control Security:
- Manage repository access using roles (Admin, Developer, Read-Only).
- Enforce branch protection rules for PR reviews.
- Store secrets as secured Bitbucket Pipelines variables (masked in logs) rather than in the repository.
- CI/CD Pipeline Integration:
- Integrate Bitbucket Pipelines with security tools like SonarQube or Checkmarx.
- Automate dependency vulnerability checks.
- Use pre-commit hooks for code quality and security validation.
Job Requirement
Key Tools and Technologies (category: tools)
- Compliance and Governance: GDPR, HIPAA, PCI DSS / AWS CloudTrail and Bitbucket Activity Logs
- Vulnerability Assessment, Penetration Testing (VAPT), and Hardening: VAPT
- Infrastructure Security: AWS services
- Application Security: SAST / DAST
- Ethical Hacking and Ransomware Testing: ransomware attacks / system vulnerabilities
- Threat Analysis and Threat Modeling: applications, services, and infrastructure
- Code Scanning: SonarQube, Checkmarx, OWASP ZAP
- Source Control: Bitbucket, Git
- CI/CD: Bitbucket Pipelines, Jenkins, GitLab CI/CD
- Cloud Security: AWS Security Hub, GuardDuty, GCP Security
- API Management: WSO2 API Manager, AWS API Gateway