This role is responsible for providing security for cloud-based digital platforms and plays an integral role in engaging with business units in order to ensure the organisations digital platforms are protected.
This role involves analysing existing cloud security measures / controls and creating new and enhanced security methods. This role is part of a larger team dedicated to cloud-based management and security.
The role is also responsible for the development and execution of large-scale cyber security initiatives and requires a professional with problem-solving abilities who can work in a fast-paced environment and has a clear passion for cloud security and cloud technologies.
Provide assurance through collaboration with other stakeholders that all cloud and digital platforms meet the organisations security requirements.
Provide security recommendations on cloud-based data security, platforms and application development.
Recommend innovative technologies or other methods that will enhance the security of cloud-based environments.
Serve as the subject matter expert (SME) on cloud security.
Develop standards, policies and procedures as well as best practices documentation.
Translate security and technical requirements into business requirements and communicate security risks to different audiences ranging from business leaders to engineers.
Influence multi-disciplinary teams in implementing and operating cyber security controls.
Work closely with application developers to deliver creative solutions to complex technology challenges and business requirements.
Automate security controls, data and processes to provide better metrics and operational support.
Utilize cloud-based APIs when appropriate to write network / system level tools for securing cloud environments.
Stay current on emerging security threats, vulnerabilities and controls.
Identify and implement new security technologies and best practices.
Create technical and managerial level reports and conduct risk assessments for Cloud-based applications and infrastructure.
Identify processes / procedures for how to handle cloud security events, including forensic isolation and mitigation with Digital Forensics and Incident Response teams.
Identify new security threats by conducting continual monitoring, penetration testing, vulnerability assessments and log analysis.
Academic qualifications in computer science, cybersecurity, or any related field
Recognised industry certifications in cloud security- CSA CBK, CCSP, CISSP
At least 5 years of experience in cyber security.
At least 3 years of experience and hands-on expertise in cloud security. Practical knowledge of public cloud offerings such as, Azure and GCP.
Practical knowledge of services related to cloud computing, network, storage, content delivery, administration and security, deployment and management, automation technologies.
Robust microservices programming (AWS Lambda, Docker, etc.)
Good understanding and exposure to cloud standards, architecture and models. Experience with PKI, SSL, SSH etc. Hands on knowledge of automation and DevSecOps skills.
Good understanding of software development principles, including design patterns, code structure, programming languages, continuous integration, continuous deployment, and deployment orchestration.
Experience with open-source software security. Experience with network protocols and deep packet inspection. Knowledge of microservices, Kubernetes, docker etc.
Strong technical skills, including experience with Linux and Windows operating systems, scripting languages, and cloud provider ecosystems like, GCP and Azure.
Excellent attention to detail, as they must constantly monitor systems to ensure there are no external threats.
Excellent oral and written communication skills will be essential when interacting with team members. Strong problem-solving skills in order to swiftly and deal with threats or flaws in cloud environments.
Skilled in discussing complex security issues in understandable business terms.
Detailed knowledge of system security vulnerabilities and remediation techniques.
Ability to recommend solutions based on use cases and business requirements.
Stay- Abreast with emerging technologies and threats and ability to proactively assess and evaluate the adoption thereof in the organization.