As a Security Engineer, you will be responsible for designing, implementing, and maintaining security controls for our AWS cloud infrastructure. You will ensure the security of our payment processing platform built on Node.js applications and GoLang microservices, while leveraging AWS security services including Shield and CloudFront to protect against threats and ensure optimal performance across global markets.
Key Responsibilities
AWS Cloud Security Architecture
- Design and implement comprehensive security architecture for AWS cloud environments
- Configure and manageAWS Shieldfor DDoS protection across payment processing infrastructure
- Implement and optimizeAWS CloudFrontsecurity configurations including WAF rules, SSL/TLS, and origin protection
- Secure AWS services including EC2, ECS, EKS, Lambda, RDS, S3, and API Gateway
- Design and implement network security controls using VPC, Security Groups, NACLs, and AWS Transit Gateway
- Establish secure CI/CD pipelines forNode.js applicationsandGoLang microservices
Application & Infrastructure Security
- SecureNode.js applicationsrunning on AWS infrastructure including container and serverless environments
- Implement security controls forGoLang microservicesdeployed across multiple AWS regions
- Configure and manage AWS WAF rules for web application protection
- Implement container security for Docker containers running Node.js and GoLang applications
- Secure Kubernetes clusters (EKS) hosting microservices architecture
- Manage secrets and configuration security using AWS Secrets Manager and Parameter Store
Monitoring & Incident Response
- Implement comprehensive security monitoring using AWS CloudTrail, GuardDuty, and Security Hub
- Deploy and manageProwlerfor continuous AWS security monitoring and compliance validation
- UtilizeScoutSuitefor regular multi-cloud security posture assessments
- ConfigureGitleaksmonitoring for continuous secret detection across development workflows
- ImplementOpenGreprules for real-time security vulnerability detection in application code
- Configure CloudWatch alarms and automated incident response workflows
- Develop and maintain security dashboards and reporting mechanisms
- Respond to security incidents and conduct forensic analysis in cloud environments
- Implement automated threat detection and response capabilities
- Monitor and analyze CloudFront access logs and security events
Compliance & Risk Management
- Ensure AWS infrastructure compliance with financial industry regulations (PCI DSS, SOX, GDPR)
- Conduct regular security assessments usingProwlerfor AWS compliance validation andScoutSuitefor comprehensive security audits
- Implement continuous compliance monitoring through automated tools and custom security frameworks
- Implement and maintain data protection controls for payment processing workloads
- Perform risk assessments for cloud services and architectures
- Develop and maintain disaster recovery and business continuity plans
- Support compliance audits and regulatory assessments
Automation & DevSecOps
- Implement Infrastructure as Code (IaC) security using Terraform, CloudFormation, and AWS CDK
- IntegrateGitleaksfor automated secret scanning in CI/CD pipelines and repositories
- DeployOpenGrep (Semgrep)for static analysis and security vulnerability detection in Node.js and GoLang codebases
- UtilizeProwlerfor comprehensive AWS security assessments and compliance checks
- ImplementScoutSuitefor multi-cloud security auditing and configuration reviews
- Develop security automation scripts and tools using Python, Bash, and AWS SDKs
- Integrate security scanning and compliance checks into CI/CD pipelines
- Automate security policy enforcement across AWS accounts and regions
- Implement automated remediation for common security misconfigurations
Required Qualifications
Experience
- 8+ years of experience in cloud security, with strong focus onAWS cloud environments
- Hands-on experience with AWS Shield (Standard and Advanced) for DDoS protection
- Extensive experience securing AWS CloudFront distributionsincluding WAF integration and SSL/TLS configuration
- Strong experience securing Node.js applicationsin cloud environments
- Proven experience with GoLang microservices securityin containerized and serverless architectures
- Hands-on experience with security automation tools including Gitleaks, OpenGrep, Prowler, and ScoutSuite
- Experience with AWS security services (GuardDuty, Security Hub, Config, CloudTrail)
- Knowledge of financial services security requirements and payment processing compliance
Technical Skills
- Advanced proficiency in AWS security services and best practices
- Deep understanding of AWS Shield and DDoS mitigation strategies
- Expert-level knowledge of AWS CloudFront security configurations and optimization
- Strong security knowledge for Node.js applicationsincluding dependency management and runtime security
- Comprehensive understanding of GoLang microservices security patternsand secure coding practices
- Proficiency with security automation tools: Gitleaks (secret scanning), OpenGrep/Semgrep (static analysis), Prowler (AWS security assessment), ScoutSuite (multi-cloud auditing)
- Proficiency in Infrastructure as Code (Terraform, CloudFormation, AWS CDK)
- Experience with container security (Docker, Kubernetes/EKS)
- Knowledge of network security protocols and AWS networking services
- Scripting and automation skills (Python, Bash, PowerShell)
Security Expertise
- Deep understanding of cloud security frameworks (NIST, CSA, AWS Well-Architected Security Pillar)
- Knowledge of web application security and API security best practices
- Experience with vulnerability management and security testing tools
- Understanding of cryptography, PKI, and secure communication protocols
- Knowledge of identity and access management (IAM) and zero-trust architecture
- Experience with security monitoring, SIEM, and incident response
Nice to Have
Certifications
- AWS Security Specialty certification
- AWS Solutions Architect or DevOps Engineer certifications
- Additional security certifications (CISSP, CCSP, CEH, CISSP)
- Cloud security certifications from other providers (Azure, GCP)
Additional Skills
- Experience with multi-cloud security architectures
- Knowledge of serverless security (AWS Lambda, API Gateway)
- Experience with compliance frameworks (SOC 2, PCI DSS, ISO 27001)
- Familiarity with threat modeling and risk assessment methodologies
- Experience with security orchestration and automated response (SOAR)
- Knowledge of machine learning for security analytics
- Experience with payment processing and financial services infrastructure
- Understanding of microservices mesh security (Istio, Consul Connect)
