Our client is one of the industry leaders in the insurance business, striving to become a world class digital insurer, we're getting ready for more.
What you'll do:
- Reporting to the Lead Security Architect, the Cloud Security Architect will act as the key point of contact and subject matter expert within the business in regard to Information Security Architecture, collaborating with wider security, architecture, engineering and DevOps teams to advocate best security practice.
- Act as one of the central points of contact within the business with regards to Information Security.
- Contribute to strategic development of Cloud security practices for both Run and Change.
- Collaborate with Architecture, Engineering, DevOps colleagues and squads to review design documents and advocate security best practice.
- Create and maintain Cloud security architecture patterns and reference architecture patterns. Where applicable; map to MITRE ATT&CK and MS Kubernetes threat matrix.
- Continually review and extend Cloud Security Playbooks and preventative controls
- Collaborate with internal DevSecOps and DevOps squads and help provide guidance around adopting security by design
- Support the development of our security operations for monitoring, testing and, where necessary, conduct Cloud implementation review audits.
- Where appropriate, you may be required to support the Incident Response team. Qualifications.
- You will need to have a good background in Cloud Security Architecture and DevOps practices
- Experience working with cloud platforms, particularly AWS services (EC2, EKS(K8), VPC, ELB, S3, RDS, WAF,Lambda, SNS, ELK, etc.)
- Thread modelling techniques and aware of common threats and • implementation failings • Experience of API integration and Security techniques
- Knowledge of AuthN/AuthZ protocols, such as OpenID Connect, OAuth, SAML and AD
- CISSP or equivalent qualification
Bonus points if you have any of the below:
- Kubernetes(K8) / Microservices experience
- Experience of risk modelling concepts (e.g. STRIDE/DREAD)
- Awareness of threat matrix for Kubernetes and of MITRE ATT&CK
- Knowledge of security automation tooling to facilitate CI/CD
- Application(L7) Security knowledge • You may have experience with application security tooling (SAST, DAST)
- Ability to read and understand code/scripts (e.g. Python, Terraform)
- AWS Architect / AWS Security Specialist • (ISC)² CCSP or (SANS) Cloud Security Architect SEC545 • Privacy by design CIPP/E or CIPT