Job
Description
Job responsibilities Design, implement, and maintain cloud security architecture and solutions across AWS, OpenStack, Azure, or GCP to ensure data protection, privacy, and security in the cloud environment. Monitor and protect cloud-based infrastructure, virtual networks, containers, and serverless applications from security vulnerabilities and attacks. Configure, manage, and optimize Web Application Firewalls (WAFs) to protect cloud-hosted web applications from common threats like SQL injection, XSS, and DDoS attacks. Implement and manage identity and access management (IAM) policies, ensuring the principle of least privilege and secure access to cloud resources. Lead and manage cloud-related security incidents, from detection to mitigation and post-incident analysis, ensuring continuous improvement of security posture. Perform risk assessments and threat modelling for cloud environments and applications, identifying vulnerabilities and potential attack vectors in the cloud infrastructure. Ensure cloud environments are compliant with relevant security standards and regulations (e.g., ISO 27001, SOC 2, PCI DSS). Set up and maintain continuous security monitoring and logging for cloud environments to detect anomalies, security threats, and vulnerabilities. Collaborate with development and DevOps teams to integrate cloud security best practices into the SDLC and CI/CD pipelines (DevSecOps). Educate internal teams on cloud security best practices, WAF configuration, and security controls to foster a security-first mindset across the organization. Conduct regular cloud security audits and vulnerability assessments and recommend security enhancements as needed. Experience with threat hunting and using advanced analytics tools to detect security anomalies. Skills Strong knowledge of securing cloud environments (AWS, OpenStack, Azure, GCP) with hands-on experience implementing cloud-native security solutions. Extensive experience configuring, tuning, and managing Web Application Firewalls (WAFs) such as AWS WAF, Azure WAF, or third-party WAFs to protect against OWASP Top 10 threats. Experience with IAM management in the cloud, including configuring roles, policies, and multi-factor authentication (MFA) for secure access to cloud resources. Familiarity with cloud security tools and services (e.g., AWS Security Hub, Azure Security Centre, GCP Security Command Centre) to monitor, detect, and respond to threats. Experience in cloud penetration testing, vulnerability scanning, and risk assessments to identify and remediate security flaws in the cloud infrastructure. Knowledge and experience in managing and mitigating cloud security incidents and breaches, including performing forensic analysis and developing incident response plans. Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automating cloud security tasks, vulnerability scanning, and incident response. Ability to enforce cloud security best practices such as data encryption, network segmentation, secure API practices, and the secure configuration of cloud services. Deep understanding of cloud networking security, including firewalls, VPNs, security groups, VPCs, and private/public cloud configurations. Expertise in deploying DDoS protection services and tuning WAFs for optimal protection against both common and advanced web application attacks. Qualifications 5+ years of experience leading security initiatives for enterprises in an information security (InfoSec) consultant. Relevant certifications such as AWS Certified Security Specialty, Certified Cloud Security Professional (CCSP), or other cloud security certifications are preferred.
