Profile Required
Experience: 10+ years
- Define, publish and maintain processes for Security Governance, Risk and Compliance (GRC) for public cloud (AWS and Azure)
- Define cyber controls for the public cloud platform while adhering to a centralized methodology
- Update and document security controls as an accountable part of the public cloud expertise team (e.g. code security audit)
- Recommend changes to policies or procedures based on new threats or vulnerabilities identified
- Build and enforce a hardening checklist comprising industry best practices for public cloud
- Provide design-time review and guidance to teams building and deploying solutions to public/private/hybrid cloud (Security by Design)
- Conduct risk analysis and define/monitor associated mitigation/remediation plans
- Validate and communicate on the hardening of services and assess the maturity of application/service/infra against the defined security framework
- Carry out monitoring and propose functional improvements within the scope of intervention (security framework, risk analysis, etc.)
- Collect evidence and perform technical and functional acceptance tests in the context of "infrastructure and service hardening" projects
- Conduct vulnerability scans with automated tools (SAST/DAST, etc.) to identify potential security issues
- Support/advise the operational security teams (Operation Security Manager)
- Perform security code review on all the developed infra components
Expected Deliverables
- Service/Application/Infra maturity reports (assessment report). Assessment against defined maturity model
- Risk analysis file
- Blueprint and/or technical notes
- Services/Infrastructures security compliance reports based on the controls defined and specified (e.g. vulnerability management, code audit, etc.)
Specific Context
- Cybersecurity:
  - Security audit and framework (ISO 27001, NIST, PCI-DSS): Intermediate to Expert
  - Pentest knowledge (OWASP, methodology, hacking): Intermediate to Expert
- Public Cloud infrastructure & security (AWS, Azure): Intermediate
Security and Code Audit:
- Amazon Web Application Firewall, GuardDuty, Inspector, IAM Access Analyzer, CloudTrail, Shield, Macie, Config, Security Hub
- Azure Security Center, Firewall, DDoS Protection, Sentinel, Web Application Firewall (WAF)
- Development knowledge (Python, Git, etc.)
- DevOps tooling and DevSecOps knowledge