Cloud Native Security Consultant (3-5 yrs)

Cloud Native Security Consultant

Description Of Role :

The Security Consultant should have a strong understanding of the emerging security practices and standards. Should be able to consult, engineer and apply security best practices while designing and proposing solutions to our enterprise customers.

Should be able to conduct system security, vulnerability analysis and risk assessment, identify security gaps, identify integration issues, study architecture/platform and design security architecture.

Role :

A Cloud Native Security Consultant undertakes complex work of a high-risk level, often working on several projects.

In this role, you will :

- Interact with senior stakeholders across departments.

- Reach and influence a wide range of people across larger teams and communities.

- Research and apply innovative security architecture solutions to new or existing problems and be able to justify and

communicate design decisions.

- Develop vision, principles, and strategy for security architects for one project or technology.

- Work out subtle security needs.

- Understand the impact of decisions, balancing requirements and deciding between approaches.

- Produce patterns and support quality assurance.

- Be the point of escalation for architects in lower-grade roles.

- Lead the technical design of systems and services.

Qualifications/Experience :

- Bachelors degree in any stream.

- Minimum 3 years of working experience in Cyber Security Consulting or Advisory.

- Successfully delivered at-least 2 (two) Cyber Security consulting and implementation projects as consultant in recent years (2 years).

Certification :

Preferred Certification :

- GIAC Cloud Security Automation (GCSA).

- Certified Kubernetes Security Specialist (CKS).

- Certified DevSecOps Professional (CDP).

- KUBERNETES AND CLOUD NATIVE ASSOCIATE (KCNA).

- OEM certification on CNAPP security products (e.g., Palo Alto Prisma, Checkpoint Cloudguard, Aqua Security etc.

- Cloud Service Provider Security Certificates (e.g., SC-100, AWS Certified Security-Specialty, GCP Professional Cloud Security Engineer).

- Pen Tester certification (LPT/ OSCP/GPEN) Certified Security Specialty.

Certification should be valid.

Responsibilities :

Below will be the scope of the role :

- Collaborate with teams to build & deliver solutions implementing serverless, microservices based, IaaS, PaaS and

containerized architecture of multi cloud environment.

- Develop rule base and parameterized IaC templates for automated deployment using Terraform.

- Build CI/CD Pipeline using AWS (CodeBuild, CodeDeploy, CodePipeline), Google (Cloud Build), Azure (DevOps, Pipelines).

- Integrate 3 rd party tool with CICD Process (e.g. SonarQube, CheckMarx, Embold).

- Config Manage environment using industry standard DevOps tools (Ansible).

- Implement scripting to extend build\deployment\monitoring process (PowerShell, Bash, Python).

- Ability to develop IaC with Terraform.

- Strong understanding on Cloud Networking.

- Container, Microservices, Docker, Kubernetes security.

- Network Security Orchestration on Microservices environment.

- Secure Microservice Communication, Secure Authentication to Common DB without API/password/sharing keys.

- Technical documentation, Product evaluation, POC.

- Implementation, Migration and Architect of Security Technology and Solution.

- DevOps, DevSecOps and SRE (site reliability Engineering) mindset.

Knowledge And Skills :

Candidate should have experience in the below domains :

- Hands on experience with Cloud Native Application protection CNAPP Tools (Prisma Cloud by Palo Alto, Checkpoint Cloud

Guard, Aqua Security).

- Hands on experience with Automation Tools (e.g., Ansible, Chef, Puppet).

- Experienced with Application migration from Monolithic to Microservices Architecture.

- Web Application Firewall implementation experience at Kubernetes and API Gateway.

- Experience with implementation of Vulnerability scanner and Container Image repository hardening.

- Well depth understanding on AWS, AZURE, GCP offered services (EKS, AKS, GKE).

- Understanding and review of Infrastructure as Code (IaC), Compliance as Code (CaC).

- Updated with trends and participation of industry recognized forum (e.g., Cloud Native Computing Foundation).

- Experienced with deliverables on Cloud Security Posture Management, Cloud Workload Protection, Cloud Infra Entitle

Management, Serverless Security.

- Application Security testing for Web and Mobile as SAST/DAST/IAST approach (Fortify, Veracode, Burp Suite).

- Secure Code review, Open-Source validation (Gitlab, Coverity, SonarQube, Black Duck).

- Well versed with OWASP Top10 and SANS top 25 Vulnerabilities and remediation.

- Well understanding on PTES (Penetration Testing Execution Standard) and Testing.

- Well understanding Software Security Framework (e.g., BSIMM, SAMM).

- Good written & verbal communication and analytical skills.

- Good documentation skills.

- Good problem-solving skills.