Cloud Security Engineer
PLEASE NOTE: This role will be home working until Covid lockdown rules lifted.
The Cloud Security Engineer will lead the PCI/DSS payment project. Using their comprehensive expertise, they will design, implement and support the deployment of the project to support the needs of the customer’s program.
This engineer will provide guidance and hands on experience in areas that can enhance security visibility in the AWS environment.
- All applications are deployed in containers built with Docker
- The Cardholder Data Environment (CDE) will reside within AWS built on EKS (self-managed EC2s rather than Fargate, for reasons of technical limitations with Fargate)
- Applications in the CDE are a mix of in-house Java and open source VoIP components (Kamailio, Asterisk and RTP Engine)
- Take ownership of the outstanding tasks
- Carefully select vendors based on their merits and value for money
- Submit vendor costs for approval
- Provide extremely clear and concise instructions or PoCs which allow our Engineering teams to implement security and compliance recommendations
Tasks would include (but are not limited to) –
- Implement IDS/IPS at the Internet edge of the environment
- Define mechanism for scanning containers for security issues
- Document hardening standards for both machines and containers
- Create an access control policy which governs how access into the CDE is requested and granted
- Implement internal & external vulnerability scanning at least once every 3 months
- Plan and implement internal and external penetration tests by an external tester at least once a year
- Establish a PCI compliant log storage system
- Implement a SIEM system to analyse logs for suspicious activity and creates alerts
- Implement FIM across all machines and containers
Essential Skills/Experience –
- AWS experience
- Project ownership & Delivery experience but must be a doer/hands on
- PCI experience
- Communication skills
- Able to work on own
AAP3 is acting as an Employment Business in relation to this vacancy.