Responsibilities
Cloud Governance & Guardrails
- Lead deployment and optimization of AWS Control Tower, Security Hub, and AWS WAF for secure multi-account strategy.
Cloud Security Platform Ownership
- Own security outcomes across AWS (primary), Azure (secondary), and limited GCP, including landing zone standards, guardrails-as-code, detection, and remediation automation.
Secure-by-Default Engineering
- Design reusable secure cloud patterns, hardened Terraform modules, reference architectures, and baseline configurations.
Container Security
- Secure EKS and ECS environments with runtime protection, image scanning, and least-privilege orchestration.
Security Assessment & Roadmap
- Perform baseline assessments, identify gaps, and provide prioritized recommendations.
Identity & Access Management
- Design and enforce least-privilege IAM across AWS accounts and workloads.
Operational Excellence
- Develop secure configuration standards, documentation, and procedures.
Detection & Telemetry Ownership
- Ensure complete, centralized security telemetry (CloudTrail, GuardDuty, VPC Flow logs).
Cloud Security & Compliance Alignment
- Align configurations with ISO 27001, SOC 2; automate evidence collection.
Third-Party Integration
- Manage secure access for security vendor tools.
Incident Response
- Participate in on-call rotation; serve as SME for cloud security incidents.
Vulnerability & Exposure Management
- Build cloud vulnerability program with SLAs, scanning, and patch workflows (AWS Inspector, ECR).
Cloud Security Tooling Ownership
- Onboard and tune CSPM and MDR integrations.
Secrets, Keys, and Credential Hygiene
- Implement secure secrets management (Secrets Manager, Parameter Store, Vault), KMS strategy.
CI/CD and Supply Chain Security
- Secure software delivery pipeline with policy-as-code, artifact integrity.
Cloud Incident Readiness & Exercises
- Build playbooks and run tabletop exercises.
Multi-Cloud & Hybrid Baselines
- Establish security baselines for Azure, GCP, hybrid connectivity.
Security Metrics & Continuous Improvement
- Define and report key metrics.
Leadership and Execution
- Mentor engineers and provide enablement.
Requirements
- 5–8+ years in Information Security, 3+ years AWS Cloud Security.
- Deep AWS experience: IAM, VPC, S3, KMS, GuardDuty, Inspector, Config.
- Strong Terraform for IaC.
- Experience securing EKS/ECS.
- Basic Azure security knowledge.
- Consultative mindset, collaborative, automation-focused.
- Bachelor’s degree in CS, InfoSec, or equivalent.
- Desirable: AWS Certified Security – Specialty, Azure security certs.