Cloud Security Engineer (Remote) - UK

at  AlphaSights

The role:
We are looking for a highly talented and driven Cloud Security Engineer who takes pride in their work, to expand our global Platform Engineering team. Successful candidates will join a cross functional team including SRE, DevOps, and Infrastructure Engineers, working closely with the rest of our business to maintain and improve the security of our cloud environments and hosted applications. You will take ownership of reducing risk, applying security best practices, and enforcing security policies across the organisation, as we strive to establish the highest levels of trust within our industry.

What you’ll do:

• Application Security: Applying best practices for securing the SDLC, including knowledge of different application packaging technologies, managing CVEs and other vulnerabilities.
• AWS Auth and Security: Work extensively with IAM, applying principles of least privilege for all services and users, and conducting periodic audits of our access controls. You will also be hands-on with the full suite of AWS security related services.
• SIEM Tools: Maintenance and monitoring of our SIEM, including configuring and tuning of monitors and alerts, incident response and investigations.
• Secure Workloads and Communications: Ensuring that our environments are protected from malicious activity by implementing WAFs, Network Firewalls, Cilium, along with managing and configuring rulesets and policies.
• Identity Management: Experience working with SSO, and various authentication technologies and protocols such as oAuth, SAML and OIDC.
• Risk Management: Establishing and maintaining policies for managing risk, including threat modelling, data protection and classification, and vendor assessments.
• Establish and Maintain Compliance Standards and Controls: Make major contributions to our SOC2 compliance controls, establishing and enforcing policies, and participating in compliance audits.
• Secrets Management: Secure storage of application secrets, including cryptographic keys, along with establishing and enforcing rotation policies.

Who you are:

• You probably have a degree in a STEM subject, but we’re happy to work with people who perfected their craft via a different route.
• Experience working at a similar level in a mature Engineering team, and looking to take your career to the next level. We’re looking for people who have incredible potential.
• Proven track record – You’ve made a demonstrable impact in your previous roles, standing out from your peers. Highly driven and proactive – you relentlessly and independently push through hurdles and drive towards excellent outcomes.
• Meticulous – you hold high standards and have an obsessive attention to detail.
• Certifications – A plus to have obtained a security related certification such as SEC+, CISSP or AWS Security.

Learn more about our tech organization and see our team in action by viewing this video!
Don’t worry if your experience or background doesn’t match all of these areas, we believe a broad spectrum of experience provides great perspective on solving problems in new and innovative ways and we’d love to hear from you.
Please note that unfortunately, we are unable to sponsor visas for this position. AlphaSights is an equal opportunity employer

• Application Security: Applying best practices for securing the SDLC, including knowledge of different application packaging technologies, managing CVEs and other vulnerabilities.
• AWS Auth and Security: Work extensively with IAM, applying principles of least privilege for all services and users, and conducting periodic audits of our access controls. You will also be hands-on with the full suite of AWS security related services.
• SIEM Tools: Maintenance and monitoring of our SIEM, including configuring and tuning of monitors and alerts, incident response and investigations.
• Secure Workloads and Communications: Ensuring that our environments are protected from malicious activity by implementing WAFs, Network Firewalls, Cilium, along with managing and configuring rulesets and policies.
• Identity Management: Experience working with SSO, and various authentication technologies and protocols such as oAuth, SAML and OIDC.
• Risk Management: Establishing and maintaining policies for managing risk, including threat modelling, data protection and classification, and vendor assessments.
• Establish and Maintain Compliance Standards and Controls: Make major contributions to our SOC2 compliance controls, establishing and enforcing policies, and participating in compliance audits.
• Secrets Management: Secure storage of application secrets, including cryptographic keys, along with establishing and enforcing rotation policies