Senior Security Engineer

Key Responsibilities

AWS Cloud Security Architecture:

• Design and implement comprehensive security architecture for AWS cloud environments.
• Configure and manage AWS Shield for DDoS protection across payment processing infrastructure.
• Optimize AWS CloudFront security configurations, including WAF rules, SSL/TLS, and origin protection.
• Secure AWS services such as EC2, ECS, EKS, Lambda, RDS, S3, and API Gateway.
• Design and implement network security controls using VPC, Security Groups, NACLs, and AWS Transit Gateway.
• Establish secure CI/CD pipelines for Node.js and GoLang microservices.

Application & Infrastructure Security:

• Secure Node.js applications and GoLang microservices running on AWS infrastructure, including container and serverless environments.
• Implement security controls for GoLang microservices deployed across multiple AWS regions.
• Manage AWS WAF rules for web application protection.
• Secure Docker containers running Node.js and GoLang applications.
• Implement security for Kubernetes clusters (EKS) hosting microservices architecture.
• Manage secrets and configurations using AWS Secrets Manager and Parameter Store.

Monitoring & Incident Response:

• Implement continuous security monitoring using AWS CloudTrail, GuardDuty, and Security Hub.
• Deploy Prowler for continuous AWS security monitoring and compliance validation.
• Use ScoutSuite for multi-cloud security posture assessments.
• Integrate Gitleaks for secret detection across development workflows.
• Implement OpenGrep rules for real-time security vulnerability detection in application code.
• Configure CloudWatch alarms and automated incident response workflows.
• Develop and maintain security dashboards and reporting mechanisms.
• Respond to security incidents and conduct forensic analysis in cloud environments.

Compliance & Risk Management:

• Ensure AWS infrastructure compliance with financial industry regulations (e.g., PCI DSS, SOX, GDPR).
• Conduct security assessments with Prowler and ScoutSuite.
• Implement continuous compliance monitoring through automated tools and custom security frameworks.
• Perform risk assessments for cloud services and architectures.
• Develop and maintain disaster recovery and business continuity plans.
• Support compliance audits and regulatory assessments.

Automation & DevOps:

• Implement Infrastructure as Code (IaC) security using Terraform, CloudFormation, and AWS CDK.
• Integrate Gitleaks for automated secret scanning in CI/CD pipelines and repositories.
• Deploy OpenGrep (Semgrep) for static analysis and security vulnerability detection in Node.js and GoLang codebases.
• Utilize Prowler and ScoutSuite for security auditing and configuration reviews.
• Automate security policy enforcement across AWS accounts and regions.
• Implement automated remediation for security misconfigurations.

Required Qualifications

Experience:

• 8+ years of experience in cloud security, with a strong focus on AWS cloud environments.
• Hands-on experience with AWS Shield for DDoS protection.
• Extensive experience securing AWS CloudFront distributions, including WAF integration and SSL/TLS configuration.
• Strong experience securing Node.js applications in cloud environments.
• Proven experience with GoLang microservices security in containerized and serverless architectures.
• Hands-on experience with security automation tools like Gitleaks, OpenGrep, Prowler, and ScoutSuite.

Technical Skills:

• Advanced proficiency in AWS security services and best practices.
• Deep understanding of AWS Shield and DDoS mitigation strategies.
• Expert-level knowledge of AWS CloudFront security configurations and optimization.
• Strong security knowledge for Node.js applications, including dependency management and runtime security.
• Expertise in GoLang microservices security patterns and secure coding practices.
• Proficiency with security automation tools: Gitleaks (secret scanning), OpenGrep/Semgrep (static analysis), Prowler (AWS security assessment), ScoutSuite (multi-cloud auditing).
• Experience with Infrastructure as Code (IaC) tools: Terraform, CloudFormation, AWS CDK.
• Strong knowledge of container security (Docker, Kubernetes/EKS).
• In-depth understanding of network security protocols and AWS networking services.
• Scripting and automation skills (Python, Bash, PowerShell).