• Cloud Security Design and Implementation:

• Design and implement security controls, policies, and procedures for cloud environments.

• Collaborate with DevOps and IT teams to integrate security into the development and deployment lifecycle.

• Conduct risk assessments and vulnerability testing of cloud-based applications and infrastructure.

• Monitoring and Incident Response:

• Monitor cloud environments for potential security breaches or incidents.

• Develop and maintain incident response plans specific to cloud environments.

• Investigate and respond to security incidents, working with cross-functional teams to mitigate threats.

• Compliance and Governance:

• Ensure cloud environments comply with industry regulations, standards, and best practices (GDPR, HIPAA, NIST, etc.).

• Maintain documentation of security policies, procedures, and architecture.

• Conduct regular audits and assessments to verify compliance and identify areas for improvement.

• Automation and Tooling:

• Develop and maintain automated security tools to enhance cloud security posture.

• Integrate security monitoring, alerting, and response capabilities into CI/CD pipelines.

• Evaluate and implement third-party security tools and solutions.

• Training and Awareness:

• Provide training and support to internal teams on cloud security best practices.

• Stay updated on the latest cloud security threats, technologies, and industry trends.

• Advocate for a security-first mindset across the organization.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
• 3+ years of experience in cloud security, with a focus on AWS, Azure, or Google Cloud.
• Strong knowledge of cloud security frameworks, tools, and technologies (IAM, encryption, firewalls, WAF, SIEM, etc.).
• Experience with cloud infrastructure-as-code tools such as Terraform, CloudFormation, or ARM Templates.
• Proficiency in scripting languages such as Python, PowerShell, or Bash.
• Familiarity with container security (Docker, Kubernetes, etc.) and serverless security practices.
• Strong problem-solving skills and ability to work independently and collaboratively.
• Excellent communication skills with the ability to convey complex security concepts to technical and non-technical audiences.

Preferred Qualifications:

• Certifications such as AWS Certified Security Specialty, Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus.

NA