AWS Cloud Security Engineer

Globex Digital

India

Fresher

Save

Posted 6 months ago
Be among the first 40 applicants

Early Applicant

Job Description

AWS Cloud Security Engineer

As an AWS Cloud Security Engineer you will be responsible for design, implementation, and management of security measures within NCB AWS environments to protect sensitive data and systems. You will work with engineering team to identify and remediate security vulnerabilities, ensuring compliance with industry standards and regulations.

Key Responsibilities

Security Design and Implementation:

Design, implement, and maintain security controls and policies within the NCB AWS environment, including identity and access management, encryption, and networking.
Build least-privilege IAM roles and permission boundaries
Deploy edge protectionsCloudFront + WAF custom rules, AWS Shield Advanced, Firewall Manager.

Vulnerability Assessment and Remediation:

Identify and address vulnerabilities in AWS infrastructure and applications, using tools like penetration testing and threat simulations.
Run SAST/DAST, container CVE scans, dependency-check reports; track remediation to closure.
Coordinate with Dev team to certify fixes.
Develop run-books for DDoS, credential compromise, and data-breach scenarios

Centralised Logging, Monitoring & Alerting:

Ensure CloudTrail Lake, VPC Flow Logs, EKS audit logs, and Lambda/X-Ray traces feed a unified SIEM
Define actionable metrics/alarms for auth failures, anomalous API calls, WAF blocks, GuardDuty findings.

Compliance and Governance:

Ensure compliance with industry standards like NIST as well as internal security policies.

Incident Response:

Respond to and resolve security incidents, following documented procedures and playbooks that you will be responsible for designing.

Collaboration and Communication:

Collaborate with other teams, including engineering, operations, and NCB InfoSec security team, to ensure a strong security posture.
Partner with Infrastructure and Load-Test engineers on secure topology, scaling, and DR drills.
Monitor spend on Shield Advanced, GuardDuty, and KMS; optimise log-storage retention and security-service quotas.

Documentation and Training:

Document security policies,procedures, and configurations, as well as provide training and awareness to other employees.

Technical Skills

Security Principles:

Strong understanding of security concepts, principles, and best practices.

Cloud Security Best Practices:

Understanding of industry-standard security practices and compliance frameworks like PCI DSS, HIPAA, and GDPR.

AWS Services Proficiency:

Strong understanding of AWS services, especially those related to security like IAM, VPC, CloudTrail, CloudWatch, KMS, and Shield.

Networking:

Solid understanding of network security concepts, including firewalls, VPNs, and intrusion detection/prevention systems.

Security Controls:

Knowledge of various security controls, such as access controls, encryption, and vulnerability management.
AWS WAF (managed & custom rules), Shield Advanced, Firewall Manager, AWS Network Firewall.

Vulnerability Management & Pen-Testing

SAST/DAST tooling (CodeGuru, SonarQube, OWASP ZAP/Burp)
Lambda runtime scanning, SnapStart security considerations, least-privilege function roles.

Programming/Scripting:

Proficiency in scripting languages like Python, Bash, and PowerShell, and potentially other languages like Java or SQL.

Automation:

Experience with automation tools and frameworks for deploying and managing security controls and infrastructure.

Security Monitoring and Logging:

Ability to monitor and analyze cloud-based applications, collect data, and identify potential security threats.
Use GuardDuty, Security Hub, Detective, CloudTrail Lake

Incident Response:

Familiarity with incident response planning and investigation techniques.

Database Services:

Knowledge of AWS database services like Amazon RDS, DynamoDB, and Aurora.
Containerization:
Understanding of containerization technologies like Docker and Kubernetes, and their security aspects.

Cloud Security Tools: