Security Cloud Engineer
Ocado
- Barcelona
- Permanente
- Tiempo completo
- learning fast (through experimentation, self-motivation etc);
- being autonomous but able to collaborate (sharing knowledge is important to us);
- craftsmanship and innovation (we never stop questioning how we can be better).
- Own, configure and operate a portfolio of Security related products deployed on hundreds of production environments
- E.g. AWS WAF, AWS Guard Duty, AWS Inspector, AWS IAM, AWS Firewall Manager, AWS CloudTrail, etc
- Identify gaps in our security posture and capture them in well-described RFCs that can later be picked up by Product Management
- Identify and adopt best-in-class Perimeter Security Protection systems (e.g. IDS/IPS, WAF, DDoS Protection, etc)
- Identify and adopt best-in-class Security information and event management (SIEM) systems to analyse logs for suspicious activity and create alerts
- Providing advice, training and mentoring to other infrastructure teams in areas where our AWS Security posture can be improved - e.g. resolving security-related support tickets (SIM)
- Champion, plan and implement Security Compliance policies (e.g. SOC-2, PCI, etc) and kitemarks
- Stay current with security-related Cloud Technologies, including emerging trends, best practices, commonly adopted security strategies, and popular security-related third-party solutions.
- Supporting production systems on Security-related vulnerabilities as required, outside of standard working hours and participating in 24x7 on-call rota.
- One or more of the following cyber-security competencies
- Threat detection, vulnerabilities, security operations, encryption, boundary defence, authentication and risk management.
- Knowledgeable of the most common attack vectors, OWASP Top 10, TTPs and Mitre ATT&CK framework.
- Good understanding of well-known protocols and networking concepts: TCP/IP, HTTP/S, DNS, SSH.
- Demonstrable experience with network and system security tools in the Cloud, including network firewalls, Data Protection technologies, Security Information Event Management, intrusion detection systems and intrusion prevention systems, vulnerability scanning, encryption, monitoring and developing technical engineering artefacts.
- One or more of the following cloud engineering competencies
- Able to participate in all aspects of the software development lifecycle (SDLC) when implementing cloud solutions on infrastructure platforms (AWS preferred)
- Capable of writing, maintaining and testing code as IaaC (i.e. CloudFormation, Terraform, CDK, etc.)
- Experience with some of the following: Identity and Access management, Runtime environments, Network systems, Database and Storage technologies, etc.
- Practical experience with enterprise-scale test-first software development (e.g. Python)
- Some experience with Security compliance (e.g. AWS Config, etc.)
- The inclination and ambition to “Automate Everything”, document what is done and produce an easy-to-follow audit trail
- Used and have knowledge of common build tools, repositories and CD/CI tooling.
- Excellent written and verbal communication skills.
- Some level of experience in some of the following areas:
- Vulnerability Detection systems (e.g. AWS Security Hub, AWS Guard Duty, AWS Inspector, Cloud Trail, AWS Trusted Advisor, etc )
- Cloud Infrastructure Protection strategies (e.g. WAF, AWS Shield, AWS Firewall Manager, AWS Organisations: Service Control Policies, AWS Network Firewall, etc)
- Cloud Infrastructure Incident response (e.g. Shield Advanced, etc)
- Technically proactive in setting the technical direction, driving delivery and continuous improvement
- Friendly go-to person on Cloud Security related topics, with deep expertise and strong problem solving and ability to knowledge share
- Able to mentor and coach less experienced team members
- Strong sense of collaboration both within the team and across the organisation
- Knowledge of SCRUM or other Agile methodologies
- Permanent Contract
- Multi-Sport Card
- Medical Insurance
- Life assurance
- Lunch Vouchers
- Training and Development opportunities