Sr. Cloud Security Specialist

Duration: 6 months

Extension possible: Possibility - business needs and performance

Conversion Possible: Possibility - business needs and performance

Work Location: hybrid, currently 2 days on site, 4 days on-site come January

Scope of Project: supporting multiple cloud based projects

Team Size/Culture: 3 people, very collaborative work environment

Preferred Candidate Background: someone who is coming from an engineering or architecture (design and build experience)

Selling Points of Position (CVP): Working for a big 5 bank, very early in the cloud journey so you can be apart of it from the beginning to end

The Information Security Specialist - Cloud & Container Security Specialist is responsible for driving Public Cloud security through development of effective security policies, standards and guidelines. He or She will take the lead in reviewing the engineering designs to ensure compliance with the applicable standard and security concerns are fully addressed. The ideal candidate will possess extensive expertise in designing, implementing, and managing Google and Azure Cloud infrastructure, CI/CD pipelines and Container platforms (AKS/GKE). They will play a key role in identifying and mitigating security risks and enabling our organization to operate securely in the cloud. This role requires a strong technical background, excellent problem-solving skills, and the ability to collaborate effectively with cross-functional teams

ROLE AND RESPONSIBILITIES

•Analyze and review cloud architecture diagrams to identify potential security concerns and ensure secure design practices for Public Cloud and Container platforms

•Responsible for defining and developing the necessary standards, controls and guidelines for the secure deployment and operation of Public Cloud services and containerized applications

•Provide governance and oversight for the development and maintenance of CI/CD pipelines to ensure secure code and image deployment

•Responsible for defining the necessary security controls of Public Cloud Services, especially in Azure and GCP. Public Cloud services examples include Cloud SQL, BigQuery, AKS, GKE

•Responsible for reviewing Engineering designs to ensure alignment with applicable security standard and industry practices

•Provide end to end governance for public cloud infrastructure deployment, integration and security controls especially focused on containerized platforms

•Collaborate with DevOps, engineering, and other cross-functional teams to integrate security tools and practices into workflows

•Responsible for developing security reporting that includes KRIs, KPIs to demonstrate the effectiveness of the defined security controls

•Work with 1B and 2nd Line of Defense partners to demonstrate the compliance with the defined security standards and controls

MUST-HAVE Hard Skills:

1.) Strong Azure and/or GCP cloud experience

2.) Engineering or architecture background (design and build)

3.) Infrastructure integration (integrating clouds with other clouds or on-prem systems)

NICE-TO-HAVE

1.) Prior banking or financial institution experience

2.) GKE containers, AKS, Azure Kubernetes

3.) Knowledge of cloud security