Cloud Security (DevSecOps) Architect

About us
Infra360 Solutions is a services company specializing in Cloud, DevSecOps, Security, and Observability solutions. We help technology companies adapt DevOps culture in their organization by focusing on long-term DevOps roadmap. We focus on identifying technical and cultural issues in the journey of successfully implementing the DevOps practices in the organization and work with respective teams to fix issues to increase overall productivity. We also do training sessions for the developers and make them realize the importance of DevOps. We provide these services - DevOps, DevSecOps, FinOps, Cost Optimizations, CI/CD, Observability, Cloud Security, Containerization, Cloud Migration, Site Reliability, Performance Optimizations, SIEM and SecOps, Serverless automation, Well-Architected Review, MLOps, Governance, Risk & Compliance. We do assessments of technology architecture, security, governance, compliance, and DevOps maturity model for any technology company and help them optimize their cloud cost, streamline their technology architecture, and set up processes to improve the availability and reliability of their website and applications. We set up tools for monitoring, logging, and observability. We focus on bringing the DevOps culture to the organization to improve its efficiency and delivery.

Job Description

• Understand the AWS ecosystem holistically and create a secure infrastructure, Enforce compliance with IAM principals including least privilege access, password and Secret management, Audit logging, RBAC, user account lifecycle, certificate management and system authentication solutions(SSO/Federation).
• Review Terraform Infrastructure as Code (IaC) change requests to ensure the changes meet all security requirements and verify the change being made adheres to the reviewed design.
• Prepare reference architectures for Developer adoption- Secure Cloud Architecture
• Defining and operationalizing Cloud Security strategy & policies and identify new technologies and solutions to accomplish to-be functionality
• Review current and proposed integrations between company and third party SaaS platforms and integrations. Assist Security team with risk assessments of these platforms and integrations and the IAM team with any required service accounts, API keys, etc.
• Devise and implement *Serverless, Container and Kubernetes Security Strategy in the company.
• Deploy CNAPP(Cloud-Native Application Protection Platform)- CSPM , CWPP solutions at a large scale
• Lead Remediation for findings from CSPM(Cloud Security Posture Management), work with developers on targeted remediation based on prioritization
• Experience working with Infrastructure-as-Code (IaC) to secure-by-design solutions to mitigate/fix cloud security issues(Terraform, Cloud formation,etc)
• Build Tools to assist Engineering teams with remediation of issues at scale across Cloud
• Building security tooling to aid with protection of data stored in the cloud and compliant with relevant regulations- Enforcement of Cloud Data Protection Guidelines from Risk team
• Improve Web App Firewalls (WAF), prior experience with WAF rule fine tuning a plus .Ensure early Identification of intrusion & attacks and implement countermeasures.
• Experience with solutions around DDoS and identify Anti-bot patterns for critical flows
• Partner with SOC team for Security Incident Management and Remediation triage with Engineering across the ecosystem
• Defining, building, and deploying cloud security automation infrastructure and tooling
• Collaborating with DevOps and Engineers to implement new functionality in the cloud.
• Reviewing and enhancing the rules in WAF

Requirements

• A minimum 8+ years of relevant professional experience.
• Bachelor's degree in Computer Science or a related technical discipline, or equivalent practical experience
• Solid understanding of Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2, S3, CloudTrail, CloudFormation, CloudWatch, AWS Encryption SDK, RDS, ELB, AWS Route 53, CloudFront, SNS
• Experience with enforcement of Security Best practices via Cloud Formation/Terraform IaC
• Understanding of security frameworks and standards like OWASP & NIST, Solid understanding of security protocols, cryptography, authentication, authorization
• Good understanding of Linux and Windows OS, TCP/IP protocol stack and networking fundamentals, and security principles at all layers of the OSI stack
• Experience with API security, AWS cloud security, container security, network security, cryptography, PKI, certificate management,
• Experience in CI/CD Tools Including Git, Jenkins, Ansible, or similar
• Experience in designing cloud-native security architectures applying defense in-depth strategies
• Advanced Expertise in at least one language, Shell scripting/Python/Go/NodeJS, and AWS CLI
• Experience with third-party/open source cloud security tools
• Experience with tooling and systems for a build, infrastructure automation, and monitoring
• Automation Skills. Python, Terraform
• Prior DevOps experience would be an advantage.