The ideal candidate would be someone strong working with Python and a strong background in cloud infrastructure and security. The organization is particularly interested in candidates who have a passion for DevOps and SecOps, as this role is focused on protecting the enterprise infrastructure rather than building customer-facing applications.
Top 3 Requirements:
1. Strong background in cloud infrastructure and security
CSPM - At least 2 years of experience working with a Cloud Security Posture Management tool (Cloud Custodian, Wiz, Aqua Security, Prisma Cloud, etc) Ideally, they would prefer experience with the Cloud Custodian over the other tools.
2. Python
3. AWS
Scope of Work:
Onboard and manage new cloud services, primarily from AWS, for the organization
Partner with the cybersecurity risk team to analyze risks associated with new cloud services
Implement detection and prevention measures using the tool Cloud Custodian- This is a Cloud Security Posture Management tool
Contribute to the open-source Cloud Custodian project by writing Python code to address gaps in the tool's capabilities as it pertains to AWS services needing onboard
Manage a backlog of 50 cloud services that need to be recertified every 2 years - if they win the Discover work they will need to do this for all of the AWS services not currently certified to their standards
Ensure that changes to existing cloud services are properly assessed and addressed
Required Skill Set:
Strong Python development skills for automation and tuning of
Experience with AWS services and concepts, such as EC2, IAM, networking, and data sharing - we are not needing a cloud engineer here. We are needing someone who understands these services and the policies needing enforced surrounding their use
Understanding of identity and access management (IAM) basics, including roles and policies
Familiarity with DevOps and SecOps practices
Ability to write code that interacts with cloud service APIs, particularly AWS API libraries
Passion for security and a desire to work in a behind-the-scenes, "thankless" role that isn't front end focused
Preference for candidates with prior DevOps or cloud infrastructure experience