Role Summary

In this role, you will make significant contributions to building secure and modern cloud solutions. You will be part of a team responsible for designing and implementing security measures to protect cloud environments, assessing potential vulnerabilities, and ensuring compliance with security standards.

Key Responsibilities

• Experience with cloud environments and Governance, Risk, and Compliance (GRC); define control requirements and coverage, review controls on the cloud, and assess the control evidence to help determine if the controls are effective and in place.
• Define control requirements and coverage, review controls on the cloud, and assess the control evidence to help determine if the controls are effective and in place
• Perform cloud security assessments and implement security best practices based on standards like ISO 27001, CIS, and ICS controls.
• Design and implement security measures for cloud environments, including AWS Inspector, AWS GuardDuty, Security Hub, VPC, WAF, and Trusted Advisor.
• Utilize Infrastructure as Code (IaC) technologies to automate security infrastructure deployment.
• Manage application security, following OWASP 10 and SANS 25 guidelines, and perform SAST, DAST, and SCA.
• Conduct threat modeling, vulnerability management, and penetration testing for cloud infrastructure and applications.
• Implement data governance processes, encryption mechanisms, and ID & Access Management (IAM).
• Develop processes for incident and change management, business continuity planning, and capacity management.
• Monitor and analyze logs for security insights and ensure compliance with DLP processes.
• Collaborate with DevOps/DevSecOps teams to enhance security automation and adopt secure coding practices.

Required Skills

• Bachelor’s degree in Information Systems, Information Technology, Computer Science, or similar.
• 5-7 years of experience in cloud security engineering.
• Strong knowledge of cloud architecture, cloud services, and security frameworks.
• Proficiency in Infrastructure as Code (IaC) tools like Terraform and cloud platforms like AWS.
• Experience in application security, vulnerability management, and penetration testing.
• Familiarity with log monitoring services and incident management processes.
• Recommended certifications: CCSK, CCAK, CCSP, AWS Security Specialty.

Due to the high volume of applications we receive, we are unable to respond to every candidate individually. If you have not received a response from GFT regarding your application within 10 workdays, please consider that we have decided to proceed with other candidates. We truly appreciate your interest in GFT and thank you for your understanding.