Senior Cloud Security Engineer

at  EQ Bank Equitable Bank

Purpose of the Job
This section should provide a concise overview of the role’s primary objective within the organization. It explains the role’s significance, how it contributes to the company’s goals, and the main outcomes position is expected to achieve.
The Cloud Security Engineer will be responsible for designing, implementing, maintaining and operating all Cloud Security tools. In addition, this role will be taking the lead for many initiatives working with our technology and business teams by providing recommendations on best practices for Cloud Security and ensuring that the appropriate security controls are applied to meet expectations from both regulatory and legal requirements, while contributing to and aligning to our overall Cloud Security Strategy.

KNOWLEDGE/SKILL REQUIREMENTS:

• A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
• At least 3-5 years of information security experience with 2yr+ in Cloud Security
• Strong understanding of Cloud Security concepts, best practices and solutions.
• Understanding of Application Security concepts, best practices is an asset.
• Experience working with Infrastructure as Code, Policy as Code and HELM charts.
• Experience setting up Cloud Security tooling and integration is required.
• In-depth Experience of cloud environments (Azure, AWS) is required.
• The following certifications are an asset: CISSP, CCSP, CCSK and other cloud-provider related certifications
• Experiencing with working in highly complex technical environments
• Understanding and experience with PCI, NIST, MCSB, HIPPA, ISO 27k is required
• Experience working in banking or financial services environment is an asset.
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills.

• Define the scope of the role’s responsibilities and decision-making authority. This includes who the role reports to, what decisions they are empowered to make, and how their actions impact the organization. It should also cover any supervisory or leadership responsibilities.
• Reports directly to the Manager, DevSecOps & Infrastructure Security
• This position sets priorities for themselves
• This position is empowered to make decisions that impact their own position, however, there is decision-making involved relating to vulnerability management, which could have a potential impact on the overall reputation of the bank.
• It is unlikely the decisions made in this position would have a long-term performance impact to the bank.
• This position requires contact with suppliers, and potentially with other FIs through information sharing circles, like FS-ISAC. The nature of contact with suppliers is to troubleshoot issues with current products; to understand capabilities of new products. The nature of contact with other FIs is sharing information related to the cyber threat landscape and how to industry is adapting