The Cloud Security Engineer is a mid-level Engineer within the Cloud Security team, reporting to Cloud Security Manager.
The role has responsibility for contributing to the overall strategy and for running and improving the approach to cloud security within Division. This role encompasses working with a team of cloud security professionals that oversee and ensure the confidentiality, integrity and availability of all key cloud infrastructure and data. Automation to deliver at scale is a key part of this team and role. Coding skills and experience with public cloud vendors such as Amazon’s AWS and Google’s GCP would be preferred.
The successful candidate should expect frequent travel to Dublin/London and our near-shore location in Porto.
The role involves upskilling through learning on the job, technical training, and technical coaching/mentoring from senior members of the Security Engineering team. As part of this team, you will be assisting with the definition of the team’s strategy, processes, and deliverables efficiency.
- Developing the cloud security program to ensure the availability and integrity of the client's public and private cloud infrastructures
- Contribute to the overall Division cloud strategy ensuring security principles are embedded in all decisions
- Ensure all projects internal and external to the security team are assessed from a cloud security perspective (where applicable) and appropriate requirements are defined and effectiveness verified
- Ensure key cloud security technologies are correctly implemented and maintained, i.e. monitoring & detection
- Develop and evolve a strategic and tactical solution to identify, manage and eradicate cloud security issues
- Collaborate with other security teams to ensure adequate cloud security controls are in place protecting the Division brand
- Build and maintain a strong and positive relationship with key stakeholders across the organisation
- Build and maintain a strong vendor relationship with key cloud suppliers
- Renewals of existing products and achieving cost reduction were possible
- Support compliance and regulatory initiatives and requirements such as PCI DSS, UKGC, and other regional compliance
- Work with the technology risk function to ensure identified threats and risks are captured and recorded in line with our risk management policy, procedures, and standards
- Work with the business's internal audit function to ensure audit findings are remediated in the agreed timeframes
- Collaborate with other security teams and teams outside of the security function
- Incident response and participation in a 24x7 team on-call rotation may be required
- Strong understanding of how to secure public cloud providers such as AWS and GCP
- Understanding of the OpenStack cloud computing platform
- Experience working with Software Defined Networking in a Continuous Integration and Delivery environment
- Experience in coding, and programming in common languages such as Python
- Development experience with common automation tools such as Jenkins, GO, GitLab, GitHub, etc.
- Technical expert who can define solutions and select tools for the cloud security team
- Technical expert who can define cloud security standards and hardening methodologies
- Disciplined and logical thinker, with the ability to draw conclusions from large and complex data sets
- Detailed experience, in approaches to securing corporate and production infrastructure
- Ability to evaluate and select control technologies / methodologies and monitor their effectiveness
- Strong technical knowledge of UNIX, Windows and enterprise networking platforms
- Delivery-driven with a sensible attitude to risk
- Awareness of ISO 27001, PCI and other regulatory compliance standards such as UKGC and GDPR
- Team player, who strives to maximise team and departmental performance
- Lead by example in terms of work ethic and professional attitude
- Strong vendor management
- Excellent English verbal and written communications skills with the ability to modify a style to influence technical and business stakeholders