Cloud Security Engineer

Job Tasks and Responsibilities Conduct cloud security assessments, architecture reviews and risk assessments for GCC and public sector cloud environments on AWS and Azure Design, implement and maintain secure cloud architecture, landing zones, guardrails and baseline configurations across AWS and Azure platforms Harden cloud infrastructure, services, virtual machines, containers and platform components based on approved security standards and benchmarks Develop scripts and Infrastructure as Code to automate cloud security hardening, monitoring, compliance checks and remediation activities Implement and manage cloud identity and access management controls including least privilege, federation, privileged access, secrets and key management Configure and maintain cloud security controls such as network segmentation, firewalls, WAF, DDoS protection, private connectivity and encryption Maintain cloud security monitoring, logging and alerting capabilities, and support threat detection, investigation and incident response activities Work with Cloud, DevOps and Application teams to integrate security controls into CI/CD pipelines and secure software delivery processes Perform vulnerability assessments, configuration reviews and remediation tracking for workloads deployed on AWS and Azure Conduct reviews to ensure compliance with security policies, public sector requirements, data residency controls and cloud governance standards Work with Engineering and Operations teams to manage cloud security findings and drive closure through the defect life cycle Improve cloud security processes, standards, playbooks and tools to enhance security posture and operational efficiency Take on a secondary role as a DevSecOps Engineer or Cloud Platform Security Engineer where required by project needs Collaborate with cross-functional teams to enhance security across the cloud development and operations pipeline EXPERIENCE AND SKILLS NEEDED Min 4 years of experience in cloud security engineering, cloud security assessment, analysis and remediation Experience in AWS and Azure, including GCC and public sector / regulated cloud environments, will be an added advantage Experience in secure cloud architecture design, landing zones, account/subscription segregation and cloud governance will be an added advantage Experience in agile development environment will be an added advantage Experience with continuous integration and continuous delivery using GitLab, Azure DevOps, GitHub Actions, Jenkins or other similar tools will be an added advantage Experience with Infrastructure as Code tools such as Terraform, CloudFormation, Bicep, ARM templates or equivalent will be an added advantage Experience with AWS security services such as IAM, Organizations, Control Tower, KMS, CloudTrail, Config, GuardDuty, Security Hub, Inspector, WAF or equivalent will be an added advantage Experience with Azure security services such as Microsoft Entra ID, Azure Policy, Key Vault, Defender for Cloud, Microsoft Sentinel, Azure Monitor, Azure Firewall or equivalent will be an added advantage Experience with cloud security posture management (CSPM), cloud workload protection (CWPP), CNAPP tools such as Wiz, Prisma Cloud, Defender for Cloud, Lacework, Orca or equivalent will be an added advantage Experience with container and Kubernetes security for AKS, EKS, image scanning, runtime protection and secrets management will be an added advantage Experience with IAM, PAM, zero trust, encryption, PKI, SIEM/SOAR, incident response and cloud logging will be an added advantage Experience with vulnerability management and cloud-native security testing tools, including SAST, DAST, SCA, secrets scanning or equivalent will be an added advantage Experience with compliance and governance standards such as CIS Benchmarks, NIST, ISO 27001, SOC 2, PCI DSS and applicable GCC / public sector regulatory requirements will be an added advantage Certified cloud and security professionals such as AWS Certified Security – Specialty, AWS Solutions Architect, Microsoft Certified: Azure Security Engineer Associate (AZ-500), Azure Solutions Architect, CCSP, CCSK, CISSP, CISM or equivalent will be an added advantage Security testing-specific certifications such as CEH, OSCP, GPEN, GWAPT or equivalent will be an added advantage Degree or Diploma in Computer Science, Computer or Electronics Engineering, Information Technology or related disciplines