Description
AWS Security EngineerAre you a passionate AWS professional with extensive experience building and automating platform infrastructure and services? We're searching for a talented individual to join our team.
You'll be an integral part of our platform team, collaborating closely with our talented architects, developers and engineers.
Key Activities
- Develop and maintain secure and reliable cloud infrastructure OS patching.
- Support and develop underlying AWS and Kubernetes infrastructure and services for security hardening
- Implementation of ransomware resilient backups.
· Work with other teams to ensure compliance with Security Hub and Kubernetes Gatekeeper policies and troubleshoot technical security issues.
· Validating AWS services against CIS and AWS FSBP benchmarks.
· Practical experience analysing cloud infrastructure vulnerabilities to understand and communicate risks, concerns and outcomes of decisions.
· Detecting security misconfigurations with EKS deployments.
· Work with CI/CD and IaC to deploy common infrastructure and services on AWS and Kubernetes.
· Segment networks to simplify administration and reduce blast radius.
· Segment accounts and IAM permission sets to implement least privilege access.
· Implement IAM automation using IdentityNow and SSO using AWS Identity Center.
· Implement privileged access management including protecting privileged accounts and SSH keys using Cyberark.
· Implement and optimize web application security using AWS WAF and CDNs.
· Management of application and service credentials using AWS Secrets Manager and Cyberark.
· Stay on top of the latest security trends and develop expertise in emerging cloud security technologies.
What we are looking for
· AWS Security Specialist level or equivalent experience (ideally 4 years+ working with AWS and security).
- Good knowledge of Linux distributions and Linux security fundamentals.
- Security risk management and risk assessment using CVSS (Common Vulnerability Scoring System) and CVE (Common Vulnerabilities and Exposures).
· Demonstrable background in AWS networking including VPCs, transit gateways, routing, direct connect, network firewall, NGFW and WAF.
· Experience creating hardened golden AMIs using Hashicorp packer or EC2 image builder.
· Experience of at least one programming language (ideally Python) and creating AWS Lambda functions.
· Good understanding of AWS security best practices including:
- Strong knowledge of IAM and service control policies (SCP).
- AWS Config Rules and Remediations
- General AWS security best practices including the AWS Foundational Security Best Practices (FSBP) standard.
- Vulnerability management including common vulnerabilities and exposures.
- AWS WAF
- Familiarity with Docker, CI/CD and integration testing.
- Good understanding of AWS microservices platforms and associated services including EKS, EC2 Worker Nodes, ECS, ECR, Inspector and CloudMap.
- Good understanding of the CNCF landscape which contains common cloud native open source projects and proprietary products.
- Excellent communication skills, both written and verbal, with the ability to effectively communicate technical concepts to non-technical stakeholders
Extra information
Start date: ASAP
Contract : 6 Months Contract with possibility of extension.
Darwin Recruitment is acting as an Employment Business in relation to this vacancy.