Lead SecOps

You are a passionate and empathetic team player seeking an opportunity with CLOUDSUFI as an Information Security Lead. In this role, you will be responsible for overseeing the organization's information security framework to ensure the confidentiality, integrity, and availability of all data. Your primary duties will include developing and implementing security policies, managing risk assessments, and addressing compliance requirements. As the Infosec Lead, you will lead incident response efforts, conduct security audits, and collaborate with cross-functional teams to mitigate vulnerabilities. Your expertise in cybersecurity tools, frameworks, and best practices will be essential for success in this role. Key Responsibilities: - Work independently with vendors and collaborate with colleagues. - Negotiate remediation timelines and/or remediate found issues independently. - Implement vendor platforms within CI/CD pipelines. - Manage/respond to incidents, collect evidence, and make decisions. - Deploy criteria within WAF and fine-tune configurations based on application needs. - Maintain a high level of concentration on assigned projects and multitask effectively. - Demonstrate resilience and persistence to promote security within the organization. - Define and integrate DevSecOps security requirements in projects. - Articulate security requirements during architecture meetings and collaborate with application and DevOps teams. - Utilize various security tools and techniques, including Trivy, Prowler, Port53, Snyk, KaliDiscovery, and more. Preferred Certification: - AWS Security / CISSP / CISM (Certified Information Security Manager) Required Experience: - 8+ years of experience with AWS orchestration via Terraform scripts. - Proficiency in AWS services such as CloudWatch, CloudTrail, GuardDuty, and WAF. - Experience with Cloudflare or any other WAF tool, Datadog, Trivy, Prowler, Snyk, and other security tools. - Familiarity with compliance regimes like PCI, SOC2, SOX, and HIPAA. - Expertise in Infrastructure as Code tools like Ansible, Terraform, and CloudFormation. - Strong experience implementing security tools within CI/CD pipelines. - Skilled in cloud service providers, particularly AWS. - Ability to oversee technological upgrades and improve cloud security environments. - Proven leadership in developing security strategies, overseeing audits, and maintaining security policies. Non-Technical/ Behavioral Competencies: - Experience working with large customers in the Middle East region, particularly Saudi Arabia. - Strong written communication, technical articulation, listening, and presentation skills. - Conflict management, persuasive, and negotiation skills. - Effective task prioritization, time management, and stakeholder management abilities. - Quick learner, self-starter, go-getter, and team player. - Experience working under stringent deadlines in a Matrix organization structure.,