Cloud / Information Security Engineer

Key Responsibilities :

• Define, implement, and maintain security standards and configurations for AWS, Azure, and GCP platforms, leveraging frameworks such as CIS Benchmarking and NIST.
• Configure, manage, and effectively utilize cloud security scanning tools, including WIZ.IO, Sysdig, Tenable Nessus SC, Bigfix, Qualys, and NEXPOSE, to identify security vulnerabilities and compliance deviations within cloud environments.
• Analyze scan results, interpret findings, and accurately identify instances of non-compliance with defined security policies and frameworks.
• Plan, prioritize, and execute remediation steps for identified security vulnerabilities and compliance gaps across cloud platforms.
• Collaborate closely with cloud engineering, DevOps, and other IT teams to ensure the timely and effective implementation of security controls and remediation actions.
• Monitor the ongoing security posture of the cloud infrastructure and report on compliance status and risks.
• Develop and maintain clear documentation for cloud security configurations, scanning procedures, and remediation processes.
• Stay updated on the latest cloud security threats, vulnerabilities, security best practices, and evolving compliance requirements across AWS, Azure, and GCP.
• Assist in the development and enforcement of cloud security Skills and Qualifications :
• Minimum of 5 to 7 years of experience in Information Security or Cloud Security.
• Mandatory : Experience in defining and implementing security configurations and standards for AWS, Azure, and GCP based on CIS Benchmarking and / or NIST framework.
• Mandatory : Hands-on experience with configuring and utilizing cloud security scanning and vulnerability management tools, specifically including WIZ.IO, Sysdig, Tenable Nessus SC, Bigfix, Qualys, and NEXPOSE.
• Mandatory : Proven experience in the remediation of non-compliance and security vulnerabilities identified through cloud security scanning.
• Strong understanding of security concepts applicable to public cloud platforms (AWS, Azure, GCP).
• Knowledge of security frameworks such as CIS Benchmarks and NIST.
• Excellent analytical and problem-solving skills for identifying and resolving security issues.
• Strong written and verbal communication Skills (Plus Points) :
• Relevant cloud security certifications (e.g., AWS Certified Security Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer).
• Experience with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation).
• Experience with scripting for automation of security tasks.
• Familiarity with other security tools and technologies (e.g., SIEM, WAF)

ref : hirist.tech)