Cloud Security Specialist-I/II
What will you be doing?
- As a Cloud Security Specialist, you will be a strategic contributor in information security, problem solving and relationship management to lead internal programs aimed at: achieving certification and attestation of multi-cloud platforms against Tally’s security policies, industry standards and regulations, and government regulations, identifying and mitigating security risks in our cloud deployments; ensuring security alignment to corporate policies; and balancing security requirements with the dynamic needs of our users and the values of our company
- Conduct Vulnerability Assessments & penetration testing of Tally’s Cloud Infrastructure using various tools and methodologies
- Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption
- Analyse scan reports and suggest remediation / mitigation plan
- Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices
- Become proficient with corporate and industry security requirements/best practices; stay current on cloud security policies, standards, regulations making recommendations for the company
- Work closely and collaboratively with Information Security Officers, IT Departments, and Business units to support their needs
- Act as an advocate of information security policies, standards, controls and as an enabler to the business while managing risk appropriately
- Drive mitigation of reported risks from continuous monitoring solutions
- Gain deep security-level knowledge of cloud environments, continuous monitoring solutions to understand and provide direct guidance for security remediation activities.
- Partner with enterprise teams to establish preventative controls to support security needs via automation.
- Act as a focal point in the implementation & delivery of a formalized information security awareness offerings
- Maintain strong awareness of cloud security incidents in the external community to identify threats and opportunities for enhancement. Apply those learnings to Cloud Security Operations program and associated solutions.
- Lead evaluation, recommendation, implementation and support third party cloud security ecosystem tools as necessary
- Analyze and recommend cloud cost savings to reduce overall spend; Support annual renewal and budgeting needs
- Provide technical mentoring and knowledge transfer to members of the team
- Who are we looking for?
- Bachelor’s degree in Information Technology and or Security
- 3 or more years of experience with AWS/Public Cloud (AWS Solution Architect Certification a big plus), with 8 or more years of experience in Security, Compliance and risk management, including privacy, controls, etc
- Knowledge of one or more audit frame works (ISO27K, PCI-DSS, GDPR, HIPAA)
- Network Security (multi-vendor) experience
- Broad background of networks, operating systems (Windows, Linux), firewalls and security engineering & compliance concepts
- Knowledge of scripting languages (Python / Shell / Go) will be added advantage
- One of more of the following certifications: Google Cloud Certified (GCP) Associate Cloud Engineer (ACE), Oracle Cloud Infrastructure (OCI) Certified Architect Associate (CAA), AWS Certified Solutions Architect – professional, AWS Certified Security – Specialty, CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP).
- Demonstrated knowledge of multi-cloud platforms (AWS, GCP, Azure, , etc.) to be able to identify and prioritize potential security challenges
- Demonstrated experience of Infrastructure as a Service (IaaS) cloud platforms, such as: IAM, compute (i.e. EC2, GCE), storage (volume/object), networking (VPC, VCN, Load Balancers, Security Groups/List, NACLs), serverless (i.e. Lambda) etc.
- Technical skills to identify and assess cloud security vulnerabilities and risks
- Expertise in researching & evaluating identified vulnerabilities and risks posed to the organization’s information and systems
- Ability to clearly communicate technical concepts to all audiences
- Performance oriented, self-directed ability to drive change & manage multiple projects
- Produce and communicate appropriate reporting & metrics to stakeholders
- Demonstrated experience in administration/management of continuous monitoring solutions
- Account Management: adding/removing cloud accounts
- Expertise with Jenkins, JIRA, Confluence a plus
- Understanding of containerization (Docker, Kubernetes, Elastic Container Service) and best practices to secure registries, images, workloads, etc. a plus
Role: Cloud Security Specialist-I/II
Function: Cloud Operations
Experience: 10-12 yrs
Function: Cloud Operations
Experience: 10-12 yrs