Contribute to the development, enhancement, and implementation of comprehensive cybersecurity processes, policies, and procedures to bolster the organization's security posture in alignment with evolving cyber threats across AWS cloud and on-premises environments.
Collaborate closely with DevOps and Development teams to conduct security assessments, identify security and privacy issues within AWS, and devise secure solutions that maintain required functionality.
Partner with compliance, security, and legal teams to uphold security requirements in the Cloud, ensuring compliance with regulatory and framework standards such as SOC2, SOX, CIS Benchmarks, and NIST.
Establish key performance indicators (KPIs) and metrics to gauge the effectiveness of cybersecurity processes, providing regular reports to both management and regulatory bodies.
Assess, recommend, and implement cybersecurity tools, technologies, and services to enhance security capabilities within both Cloud and on-premises environments.
Act as a technical lead on cybersecurity projects, working closely with project managers to ensure the successful attainment of project objectives. Collaborate with stakeholders to define project requirements and efficiently manage resources.
Embrace evolving requirements and demonstrate agility in reprioritizing tasks as needed.
Commit to continuous learning and the application of acquired knowledge to keep pace with rapidly evolving tools and technologies. Don't hesitate to seek assistance when necessary.
Engage with various technical and non-technical teams across the organization.
Demonstrate the ability to work independently with minimal supervision.
Over a decade of hands-on experience in cybersecurity, with a strong emphasis on process development, support for industry regulations, and technical project implementation.
Proficiency in cybersecurity tools, technologies, standard practices, cloud security, network security, and secure software development methodologies.
Proven track record in devising and implementing cybersecurity processes, procedures, and governance structures.
In-depth knowledge of application security principles.
Experience in risk assessment and analysis methodologies.
Strong analytical and problem-solving skills, enabling the assessment of complex security challenges and the formulation of effective solutions.
Exceptional communication and presentation skills for conveying technical concepts to both technical and non-technical stakeholders.
Previous implementation experience with security tools such as SIEMs, SecurityHub or Security Center, compliance tools, DLP, MDM, CSPM, Nessus, Tenable, CSPM, third-party monitoring, email security, AWS Control Tower.
Proficiency in scripting languages and tools (Bash, Python, Ruby, Perl, PowerShell, Terraform, Cloudformation AWS/Azure CLI, etc.) and the ability to use these languages for extracting audit and forensic data from logs and other data sources.
Security certifications such as CISSP, CISM, CISA, GIAC, CEH, Security+, AWS Certified Security Specialty, or Azure Security Engineer are preferred.