- Bachelor's degree in Computer Science, Information Security, or related field.
- 7+ years of experience in security engineering, cloud security, or compliance roles.
- Strong knowledge of cloud security principles, architectures, and practices.
- Familiarity with security frameworks and best practices: CIS v8, NIST, ISO 27001, CSA.
- Hands-on experience with cloud platforms (AWS, Azure, GCP) and relevant security tools (SIEM, WAF, vulnerability scanners, pen testing tools).
- Experience writing and maintaining security documentation (policies, standards, guidelines).

Technical Expertise:
- Strong understanding of OWASP Web/API vulnerabilities (CSRF, XSS, SQL Injection, etc.) and appropriate mitigations.
- Expertise in API security mechanisms (OIDC, OAuth2, Spring Security, HMAC, WS-Security, WS-Trust).
- Solid grasp of cryptographic concepts (Encryption, Authentication, Symmetric & Asymmetric Cryptography).
- Scripting experience in Python, Bash, or PowerShell for automation and tooling.
- In-depth knowledge of regulatory compliance standards: SOC 2, PCI DSS, HIPAA, GDPR.

Soft Skills:
- Excellent communication skills, able to explain complex security concepts to technical and non-technical audiences.
- Strong attention to detail, with a focus on quality assurance and documentation.
- Effective collaborator with cross-functional teams in cloud and security environments.

Certifications (Mandatory):
- One or more: AWS Certified Security Specialty, Azure Security Engineer, CCSK, CCSP.