Description
Platform: AWS
Work Package: Drift controls using SCP/Config/Detective and Security Hub
AWS Technologies: Org, SCP, Config, Detective, Security Hub, Lambda for automation, Access Manager
Experience: minimum 5 years
Certification:
Must have: AWS Security Specialty
Good to have: AWS Professional Architect Certification and/or Terraform Associate HashiCorp Certification
Deliverables
- Design and build the following:
- Drift controls using SCP policy, Config, and customized triggers generated from Security Hub.
- Injection of events into Security Hub from sources such as, but not limited to, Marketplace vendors, Access Analyzer, GuardDuty, Macie, Inspector, Firewall Manager and Systems Manager, from all the assets on cloud
- Detection and remediation controls based on VISA standards
- Implementation of automation of all technologies (SaaS, PaaS and IaaS) using Terraform, Lambda and CloudFormation templates
- Drift code management through CI/CD on Bitbucket, using code deploy and commit.
- Terraform Sentinel code review and security vetting.
- Security design best practices as per VISA standards and the AWS Well-Architected Framework.
- Detailed understanding of anti-drift controls implemented using AWS Org
- Automation and enhancement of all components must be done via a Terraform template or CloudFormation template
- Documentation of every aspect of delivery, including but not limited to playbooks, procedures, design, risk posture and so on