Job
Description
About Us CLOUDSUFI, a Google Cloud Premier Partner, is a global leading provider of data-driven digital transformation across cloud-based enterprises. With a global presence and focus on Software & Platforms, Life sciences and Healthcare, Retail, CPG, financial services, and supply chain, CLOUDSUFI is positioned to meet customers where they are in their data monetization journey. Our Values We are a passionate and empathetic team that prioritizes human values. Our purpose is to elevate the quality of lives for our family, customers, partners and the community. Equal Opportunity Statement CLOUDSUFI is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified candidates receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation and national origin status. We are dedicated to providing equal opportunities in employment, advancement, and all other areas of our workplace. Please explore more at https://www.cloudsufi.com/ What are we looking for CLOUDSUFI is seeking a Information Security Lead overseeing the organization's information security framework, ensuring the confidentiality, integrity, and availability of all data. This role involves developing and implementing security policies, managing risk assessments, and addressing compliance requirements. The Infosec Lead will also lead incident response efforts, conduct regular security audits, and collaborate with cross-functional teams to mitigate vulnerabilities. Strong expertise in cybersecurity tools, frameworks, and best practices is essential for this role. Roles & Responsibilities ➢ Work independently with vendors and collaborate with colleagues. ➢ Experience negotiating remediation timelines and/or remediating found issues independently. ➢ Ability to implement vendor platforms withinCI/CDpipelines. ➢ Experience managing/responding to incidents, collecting evidence, and making decisions. ➢ Work with vendors and internal teams to deploy criteria within WAF and fine tune configurations based on application needs. ➢ Multitasking and maintaining a high level of concentration on assigned projects. ➢ Strong working knowledge of AWS security in general and familiarity with AWS native security tools. ➢ Promote security within the organization despite roadblocks, demonstrating resilience and persistence. ➢ Define and integrate DevSecOps security requirements in projects. ➢ Articulate security requirements during architecture meetings while collaborating with application and DevOps teams. ➢ Hands-on experience with various security tools and techniques, including: ➢ Trivy, Prowler, Port53, Snyk for container and application security. ➢ KaliDiscovery and vulnerability scanning for penetration testing and threat assessment. ➢ Network and website penetration testing (PT) to identify and remediate security vulnerabilities. ➢ SAST and DAST tools for static and dynamic application security testing. ➢ API security testing ➢ Web/Mobile App SAST and DAST Preferred Certification ➢ AWS Security /CISSP /CISM (Certified Information Security Manager) Required Experience ➢ 8+ years of experience with AWS orchestration via Terraform scripts. ➢ 8+ years of experience withCloudWatch,CloudTrail, and GuardDuty. ➢ 8+ years of experience with AWS WAF. ➢ 6+ years of experience with Cloudflare or any other WAF tool. ➢ 6+ years of experience with Datadog or any other logging and monitoring tool. ➢ 6+ years of experience with Trivy or any other vulnerabilities and configuration issues in AWS. ➢ 6+ years of experience with Prowler or any other security issues in AWS or other cloud. ➢ 6+ years of experience with Snyk or any other tool for SCA, SAST and SBOM. ➢ 6+ years of experience with any SAST/DAST tool. ➢ Experience with PagerDuty. ➢ Ability to conduct nuanced threat assessments. ➢ Experience with SOPHOS. ➢ Significant experience with compliance regimes like PCI, SOC2, SOX, and HIPAA. ➢ Proficiency in Infrastructure asCode tools like Ansible, Terraform, andCloudFormation. ➢ Strong experience implementing security tools withinCI/CD pipelines. ➢ Expertise in cloud service providers, particularly AWS. ➢ Proven ability to oversee technological upgrades and improve cloud security environments. ➢ Skilled in developing, installing, configuring, and integrating IT tools and security processes. ➢ Competence in static and dynamic code analysis tools, interpreting results, and guiding teams to address gaps. ➢ Extensive experience in penetration testing, container security, and threat vulnerability assessments. ➢ Capability to assess technology architectures for vulnerabilities and recommend improvements. ➢ Strong leadership in creating and managing security strategies and overseeing information security audits. ➢ Expertise in developing and maintaining security policies, standards, and guidelines. Non-Technical/ Behavioral competencies required ➢ Must have worked with large customers in Middle East Region particularly Saudi Arabia. ➢ Written communication, technical articulation, listening and presentation skills (8/10 minimum). ➢ Should have good conflict management. ➢ Should have superior persuasive and negotiation skills ➢ Should have demonstrated effective task prioritization, time management and internal/external stakeholder management skills ➢ Should be a quick learner, self starter, go-getter and team player ➢ Should have experience of working under stringent deadlines in a Matrix organization structure Show more Show less
