At Infinite Talent we currently have an exciting new permanent job opportunity. We are looking for a Cloud Security Engineer to come and join a one of our leading retail clients based in Nuneaton.
The role will be a home-based remote role.
Working in partnership with our Cloud Platforms and Development teams, you will:
- Works daily with engineering teams to improve delivery process, must be mobile first and eCommerce security SME, ensures that test / development is security focused right from the beginning
- Be accountable for implementing the security processes and tools are in our Cloud platform and within DevOps
- Participate in the automation of software to our cloud platform and embed security into our methodology, embracing DevSecOps
- Improve our general security posture across legacy and green field resources including applications and networks
- Be responsible for enhancing security of our data assets in the Cloud as you will be working with data scientists and SMEs
- Improve our monitoring and alerting systems to enhance them with specific and relevant security data points
- Provide point of expertise on application, data and network security to our wider engineering teams - engaging with them in order to ensure consistent adoption of security policies and best practice
- Participate in troubleshooting issues that arise
- Define and implementing a Security Incident Response process/policy with regular improvements, testing and adherence
In addition, you will:
- Contribute to the creation and ongoing maintenance of security engineering principles (secure by design and privacy by design), patterns and standards to reflect best practice and effective use within the company
- Build a network including external relationships with other engineers/SMEs to understand best practice and emerging trends within engineering
- Solid understanding of Secure by Design and Privacy by Design principles
- Three years or more experience in cloud infrastructure security roles (predominantly AWS) working within teams that practice DevSecOps
- Ability to interact comfortably with AWS via CLI and/or API
- Specific expertise in threat assessment, attack surface management, data security, the network stack at Layer 4 and Layer 7, DNS, VPC security, IGW, WAF, API Gateways and CloudFront
- Good knowledge of most of VPN, MFA, SAML, OAuth2, KMS and TLS
- Good knowledge of some IdP frameworks and integration's
- Experience building and running Docker images/containers securely, including container orchestration security
- Experience of code security audit, static and dynamic analysis, defensive programming techniques and visualisation and measurement of security KPIs
- Expertise in at least one scripting or programming language
- AWS Certified Security Specialist
- Experience defining and operating a Security Incident Response process
- Good knowledge of monitoring and alerting
- Knowledge of Windows security (particularly Azure Active Directory)
- Understanding of “cloud native” and 12-Factor applications
- Some exposure to offensive or defensive penetration testing is desirable
- Experience of working in retail and/or finance industry where data security is vital.
This is a fantastic opportunity for someone to join a successful business with fantastic benefits and career progression.
If you would like to know more about this opportunity and you have the skills and experience needed, then please send your CV directly for consideration!