Your Role Responsibilities? Here's What You'll Do:
Develop security controls across cloud platforms (AWS, Azure, GCP) to enhance the security posture of our infrastructure.
Perform cloud-specific penetration testing to identify vulnerabilities, misconfigurations, and insecure APIs, followed by remediation.
Maintain automation scripts to improve cloud security processes, vulnerability scanning, and monitoring using tools like Python, Bash, or PowerShell.
Collaborate with DevOps and infrastructure teams to ensure the secure deployment of services using container technologies like Docker and Kubernetes.
Perform security incident response by analysing cloud-based security incidents and breaches.
Manage cloud security monitoring tools, SIEM solutions (e.g., ELK SIEM, Splunk), and provide real-time threat detection and incident response capabilities.
Ensure compliance with security standards and regulations (GDPR, HIPAA, NIST) within cloud environments.
Review and enhance security policies, IAM roles, and permissions to prevent unauthorized access and data breaches.
Participate in security audits, vulnerability assessments, and risk analysis to ensure understanding of industry best practices.
What We'd Like to See:
Technical Expertise: Strong experience with cloud platforms (AWS, Azure, Google Cloud), particularly in security services like AWS IAM, Security Groups, VPC, and Azure Key Vault.
Penetration Testing: Hands-on experience with cloud-specific pentesting tools (Prowler, ScoutSuite) and general security tools like Burp Suite, Metasploit, or Nessus.
Automation Proficiency: Advanced scripting skills (Python, Bash, PowerShell) to develop automation for security monitoring, testing, and incident handling workflows.
Container Security: Proficiency in securing containerized environments (Docker, Kubernetes) and managing cloud-native security solutions.
Incident Response: Experience with digital forensics, incident handling, and response in cloud environments, using logs (AWS CloudTrail, Azure Monitor) to trace and reduce incidents.
Compliance & Frameworks: Familiarity with security frameworks (CIS, NIST, ISO 27001) and experience implementing compliance measures in cloud-based infrastructures.
: complex security issues to all partners, ensuring clarity and applicable insights.
Certifications (Preferred): AWS Certified Security - Specialty, Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), or other relevant security certifications.
Your Responsibilities as a DevOps Security Engineer:
Collaborate closely with development, operations, and security teams to integrate security measures into the entire software development lifecycle (SDLC).
Automate security testing processes, such as Continuous Integration/Continuous Deployment (CI/CD) pipeline security checks, to identify vulnerabilities early in development.
Develop security playbooks and incident response plans tailored to cloud environments to ensure rapid response to security incidents.
Monitor cloud environments for vulnerabilities and potential threats using advanced security tools, ensuring proactive defence.
Provide mentorship to junior team members and guidance on cloud security best practices to promote a culture of security-first thinking.
Research and stay up-to-date with the latest cloud security threats, technologies, and best practices to ensure we remain to latest threats.
Participate in post-incident reviews and root cause analysis to improve response strategies and reduce future risks.