Description
We are currently looking for an experienced Cloud Security Engineer who specialises in AWS Security.
The cloud security engineer will build, maintain, upgrade and continuously improves cloud networks and cloud-based systems within this national organisation.
The Cloud Security Engineer will be responsible for the operations of secure cloud infrastructure, platforms, and software.
Day to day Activities
- Architecture for Native environments/accounts connectivity
- Integration with existing environments,
- Ingress & Egress
- Authentication & access control
- CI/CD
- Centralised logging (monitoring & alerting)
- Implement the ability to deploy AWS Native environments/accounts with agreed guardrails at scale using automation and Self-Service Capabilities
- Define the guardrails around (SCP, Config Rules)
- Define the monitoring of AWS Services (Who monitors, how the services are monitored)
- Configure Landlord and Tenant services
- Config. Implement the guardrails and security configuration as part of the implementation of services
- Confirm which guardrails are preventative v detective, which ones would be opt-out'able
Essential experience
- Experience delivering Infrastructure as Code (IaC) with Jenkins and Terraform including version control
- Good Understanding of Cloud Networkingincluding VPC, NLB, TGW, IAM, SG, Lambda, VPC Endpoints
- Experience with AWS Cross Accounts Service Integration
- Automation of configuration management and application deployment using Ansible
- Knowledge of establishing Systems Management and Monitoring ie Cloudwatch
- One or more of the following: Python, Java, Perl, or Scripting in Shell and Perl
- Modern software development methodologies; Agile, Scrum and CI/CD
- Familiar with Cloud Security, Compliance and standard IT security practices such as encryption, certificates and key management.
- HandsOn Experience with RBAC or ABAC IAM models
- Demonstratable experience of interpreting (in conjunction with a security assurance lead), implementing and evidencing alignment with CSA Cloud Controls Matrix and NIST CSF in AWS
- Previous hands-on experience in delivering AWS API Gateway as shared service
- Management and Monitoring ie Cloudwatch
- One or more of the following: Python, Java, Perl, or Scripting in Shell and Perl
- Modern software development methodologies; Agile, Scrum and CI/CD
- Familiar with Cloud Security, Compliance and standard IT security practices such as encryption, certificates and key management.
- HandsOn Experience with RBAC or ABAC IAM models
- Previous hands-on experience in delivering FTP Server Family as shared service
- In-depth knowledge of Understanding of AWS Cloud Networking Services ie VPC,TGW etc
- Experience with AWS Cross Accounts Service Integration
- Knowledge of establishing Systems Management and core AWS Monitoring Capabilities
- One or more of the following: Python, Java, Perl, or Scripting in Shell and Perl
- Modern software development methodologies; Agile, Scrum and CI/CD
- Familiar with Cloud Security, Compliance and standard IT security practices such as encryption, certificates and key management.
- HandsOn Experience with RBAC or ABAC and user access segregation.
- Implementing centralised Logging and Auditing
- Demonstratable experience of interpreting (in conjunction with a security assurance lead), implementing and evidencing alignment with CSA Cloud Controls Matrix and NIST CSF in AWS (Identify, Protect, Detect, Respond, Recover )
- Previous hands-on experience in delivering AWS Control Tower in multi-account environments