Job description

The job involves designing, implementing, and maintaining security solutions for cloud infrastructure in GCP and Azure, conducting security assessments, and managing security incidents. The ideal candidate should have strong expertise in cloud security, DevSecOps methodologies, and familiarity with security regulations and standards.

Responsibility

• Design, implement, and maintain security solutions for cloud infrastructure in GCP and Azure.
• Conduct security assessments and vulnerability scans, and identify security risks and threats.
• Collaborate with other teams to implement remediation plans and ensure compliance with security standards and regulations, such as PCI DSS, HIPAA, and SOC 2.
• Develop and maintain security policies, procedures, and guidelines, and ensure their adherence by all stakeholders.
• Manage security incidents, investigate security breaches, and provide guidance and recommendations to prevent future incidents.
• Perform security testing and validation of cloud applications and infrastructure, including penetration testing and code reviews.
• Implement and manage access controls, encryption, and authentication solutions to ensure the confidentiality, integrity, and availability of data and applications.
• Automate security testing, deployment, and management tasks using scripting and automation tools.
• Participate in on-call rotation and provide 24x7 support for security incidents.
• Stay up to date with the latest security threats, trends, and technologies, and continuously evaluate and improve our security posture.

Qualifications

• Bachelor's degree in computer science, information technology, or a related field.
• 8+ years of experience in security engineering, with a focus on cloud security in GCP and Azure.
• Expertise in security solutions and tools, such as firewalls, intrusion detection and prevention systems, security information and event management systems (SIEMs), and identity and access management (IAM) solutions in GCP and Azure.
• Experience with DevSecOps methodologies and secure coding practices.
• Strong understanding of security principles and practices, such as encryption, access controls, authentication, and security audits.
• Familiarity with security regulations and standards, such as PCI DSS, HIPAA, and SOC 2.
• Experience with security testing and validation tools, such as penetration testing tools and code review tools.
• Knowledge of scripting and automation tools, such as Ansible, Terraform, or PowerShell.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration skills, with the ability to work effectively in a team environment.
• Industry certifications in GCP and Azure are a plus, such as Google Cloud Certified - Professional Cloud Security Engineer and Microsoft Certified: Azure Security Engineer Associate.