Position Overview:
- As a Senior Security Engineer, you will be responsible for implementing and managing security practices to protect our cloud infrastructure and application environments.
- You'll work alongside engineering and DevOps teams to embed security within our Software Development Life Cycle (SDLC), utilizing tools and techniques such as threat modelling, posture management, and vulnerability scanning.
- Your role will be pivotal in maintaining a secure environment for our multi-cloud, microservices platform.
Key Responsibilities:
1. Security Implementation and Incident Management:
- Work with the Security Architect to implement security controls across AWS and Azure environments, focusing on identity management, network security, and encryption.
- Conduct regular security audits and vulnerability assessments, leveraging Prisma Cloud, Snyk, Checkmarx, and Aqua Security to scan for vulnerabilities in code, dependencies, and containers.
- Lead efforts in incident response, troubleshooting, and root cause analysis for security incidents, using tools like AWS GuardDuty, Azure Sentinel, and Splunk.
2. Threat Modeling and Risk Assessment:
- Perform threat modeling exercises on critical applications and systems, identifying security gaps early in the SDLC.
- Develop and maintain security threat models using tools such as OWASP Threat Dragon or Microsoft Threat Modeling Tool, working closely with development teams to remediate risks.
3. Cloud Security Posture Management (CSPM):
- Utilize Cloud Security Posture Management tools, including AWS Security Hub and Azure Security Center, to ensure ongoing security compliance across cloud resources.
- Monitor and manage security configurations across AWS and Azure, enforcing policies with tools like AWS Config and Azure Policy to maintain adherence to internal and regulatory standards.
4. Secure SDLC and DevSecOps Integration:
- Drive a shift-left security approach by embedding security into CI/CD pipelines, utilizing Jenkins, GitHub Actions, and security scanning tools like Snyk and Checkmarx.
- Perform code reviews and assist development teams in remediating vulnerabilities, using static and dynamic application security testing (SAST/DAST) as part of the CI/CD pipeline.
5. Third-Party and Open-Source Component Security:
- Manage the security of third-party and open-source components by integrating tools like Snyk and OSSIndex into the development workflow.
- Conduct regular reviews and vulnerability assessments on third-party dependencies, working with engineering to remediate identified risks.
6. Compliance and Documentation Support:
- Ensure adherence to compliance requirements, such as GxP, GDPR, ISO, and CSI, through documentation, audit support, and proactive security measures.
- Prepare and maintain security documentation, including incident response reports, threat models, and vulnerability remediation plans.
Qualifications:
- Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
- Experience:
  - 6+ years of experience in information security or cloud security engineering.
  - Proven hands-on experience with AWS and Azure security tools, Kubernetes security practices, and microservices security.
  - Good command of cloud-native security tools, such as Prisma Cloud, Snyk, Aqua Security, AWS Security Hub, and Azure Defender.
- Technical Skills:
  - Strong knowledge of cloud security best practices, including IAM, RBAC, encryption standards, and network security.
  - Experience with DevSecOps and security integration into CI/CD pipelines.
  - Proficient in scripting and automation for security tasks (e.g., Python, Bash).
- Certifications: AWS Certified Security Specialty, CISSP, or Certified Cloud Security Professional (CCSP) preferred.
Soft Skills:
- Strong analytical and problem-solving skills, with attention to detail in identifying security risks.
- Effective communication skills, capable of conveying security concepts to engineering and non-technical audiences.
- A proactive mindset, continuously exploring ways to improve security posture and protect against emerging threats.