Cloud Security Engineer

Cloud Security Engineer
6 Months
£(Apply online only) per day (Inside IR35)
Hybrid - 1-2 Days per month on-site in London

Key Accountabilities
Responsible for ensuring the security implementation of GDO projects across T&I and CTIO areas, delivering high quality services and creative solutions across all Cloud hosted solutions.
Create Cloud Security Policies and engineer them - Preventive, Detective, Reactive and Forensic Controls. Test Cloud Security Policies.
Engineer Security Controls for Cloud-based AI Solutions. Perform end-to-end Cloud Security Assurance for AI Workloads.
Engineer Cloud Security Solutions for Container Technology and micro services.
Engineer Cloud Security Solutions for Development, Security and Operations (DevSecOps). Engage across multiple functions on a global level to build and deploy DevSecOps for Cloud environments.
Perform Threat Modelling for Cloud-based Workloads and Develop Counter Measures.
Perform design reviews of new 3rd party Cloud and/or On Prem solutions, products, and services to identify potential risks and recommend appropriate mitigations.
Ensure Security overlay of all cloud solutions
Work with key stakeholders to develop and apply Cloud Security Policies, Standards and Principles
Responsible for monitoring and driving Cloud Security Compliance during project lifecycle
Delivering the technical aspects through plan > design > build for project & compliance security testing
Responsible for development of solutions to secure architecture requirements and standards.
Ensures accurate delivery progress reporting is completed and communicated to relevant stakeholders

Knowledge & Experience
Certification in one or more cloud vendor offerings such as AWS, GCP, Azure, OCI preferred.
CISSP, CCSP, OSCP, SANS or equivalent desirable

Specific Knowledge & Experience:
Strong hands-on experience in a cloud security environment. This could either be as a cloud security engineer or cloud security specialist within a security team, or as a cloud solutions architect with significant experience of designing, engineering and securing cloud hosted solutions against real-world threats.
Strong cloud security engineering and/or architecture experience in the fundamental Cloud Security Domains - Governance, Risk and Control (GRC), Identity and Access Management, Cloud Network and Compute Infrastructure Security, Data Protection (at-rest/in-transit), Workload Security, SIEM, Logging and Monitoring.
Experience with Cloud Security Frameworks e.g. AWS Well-Architected, Google Cloud Security Foundations, and/or Open Architecture Frameworks e.g. TOGAF.
AI Security Assurance for Cloud-based Services - Familiarity or expertise with AI Security Frameworks e.g. Google Secure AI Framework (SAIF).
Experience with engineering Security Solutions for Container Technology and micro services - Kubernetes (GKE, EKS or AKS), ECS or Fargate, Docker, ECR, GCR, etc.
Experience with engineering Security Solutions for Development, Security and Operations (DevSecOps).
Experience with Cloud Security Posture Management tools - C3M, Prisma Cloud, Rapid 7, CheckPoint (Dome9).
Experience with CI/CD tools, Git, GitHub, branching frameworks, and integrating automated security tests with CI/CD pipelines, etc. Knowledge of common cloud connectivity methods and orchestration technologies.
Experience with Infrastructure as Code (IaC) and Policy as Code(PaC) - Terraform, CloudFormation, Deployment Manager, CfnNag, CloudFormation Guard, Cloud Query Language, Hashicorp Sentinel Language, Prisma Cloud Resource Query Language, and Monitoring Query Language.
Cloud Security Policy Engineering and Testing - create cloud security policy, engineer it, test it and deploy it.
Experience Workload Coding Languages & Frameworks - JAVA REST services with Spring, Python, .NET, etc.
Threat Modelling Skills with tools such as IriusRisk or similar; experienced at identifying security flaws in cloud solutions via architectural assessment and threat modelling.
Experience in Cloud Security Risk Assessment /Cloud Security Assurance.
Strong engineering and/or architecture experience in the fundamental Cloud Security Domains - Identity and Access Management, Cloud Network and Compute Infrastructure Security, Data Protection (at-rest/in-transit), Workload Security, SIEM, Logging and Monitoring.
In depth knowledge of various Cloud Models - IaaS, PaaS, SaaS, hybrid and multi-cloud models.
Familiar with common industry cloud providers - AWS, GCP, Azure, OCI.
Practical understanding of industry cloud security principles and their application - NCSC, NIST, CSA.
Familiarity with common cloud related compliance Benchmarks - CIS, GDPR, PCI-DSS, ISO27001, ISO27017, ISO27018, TSR, OFCOM.
Strong documentation, design and presentation skills with the ability to create management reporting to convey business justifications, architectural designs and work flows.
Experience of analysing, assessing and resolving complex technology requirements, problems and issues.
Strong experience in designing, integrating and deploying security solutions in a dynamic, high pressure working environment.

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change