Senior Cloud Security Infrastructure Engineer
at SITA Switzerland Sarl
London UB3, England, United Kingdom -
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 14 Aug, 2024 | Not Specified | 15 May, 2024 | 2 year(s) or above | Information Security,Aws,Vulnerability,Active Directory,Hybrid Cloud,Kubernetes,Bash,Communication Skills,Containerization,Firewalls,Pki,Security Audits,Cisco,Automation,Docker,Fortinet,Remediation,Vendors,Encryption,Virtualization,Code,Juniper | No | No |
Required Visa Status:
Citizen | GC |
US Citizen | Student Visa |
H1B | CPT |
OPT | H4 Spouse of H1B |
GC Green Card |
Employment Type:
Full Time | Part Time |
Permanent | Independent - 1099 |
Contract – W2 | C2H Independent |
C2H W2 | Contract – Corp 2 Corp |
Contract to Hire – Corp 2 Corp |
Description:
EXPERIENCE:
- 5+ years in an IT engineering or architecture capacity with at least 2 years in a security related field.
- 3+ years experience working in Public Cloud (Azure or AWS with preference on Azure) environments; experience with private / hybrid cloud an advantage.
- Knowledge and experience with automation and deploying infrastructure as Code via CI/CD pipelines a must (Ansible, Terraform, Azure DevOps, GitHub).
- Practical experience of virtualization (VMWare) and containerization (Docker, Kubernetes, Rancher etc.)
- Advanced experience in coding/scripting via Python, Bash, Powershell/PowerCLI for generating test artefacts (users, certificates, signatures, etc)
- Understanding of Linux and Windows administration and configuration (RedHat and Microsoft certifications an advantage) including hardening against CIS Benchmarks & CIS-CAT scanning.
- Understanding of core networking technologies including routing, switching, wi-fi, load balancing, DNS, IPv6 etc. (Cisco or Juniper certifications an advantage)
- Practical experience with network security technologies including firewalls, proxies, secure web gateways, Web Application Firewalls, DDoS protection (certifications in Palo Alto, Fortinet, Cisco, Juniper, Cloudflare security products an advantage)
- Practical experience of deployment and use of vulnerability scanners (e.g. Nessus, Qualys) and vulnerability management including assessments and remediation.
- Proven knowledge and experience of storage technologies, encryption at rest, encryption in transit, secrets and key management, PKI etc.
- Practical experience in trust arrangements and technologies which include identity providers (Active Directory, Azure AD) modern authentication methods (OIDC, SAML), claims/identity mapping across trust domains, federation topologies, token encryption signing, and managed identities for cloud principals (experience with vendors such as Okta, Ping, ForgeRock an advantage).
- Experience with Privileged Access Management / Privileged Identity Management an advantage.
- Understanding of common security frameworks (ISO27001, NIST800-53, CIS, CSA CSM)
- Experience of participating in security audits, tabletop exercises and red teaming an advantage.
- Excellent communication skills and ability to present to all levels of technical / non-technical team members
- Excellent team player with ability to communicate and work with cross functional teams
- Certifications with CISSP, CISM, or CKS desired
- Bachelors degree in Information Security or related field
Responsibilities:
ABOUT THE ROLE & TEAM:
As a Senior Cloud Security Infrastructure Engineer you will be accountable for supporting DevOps teams designing, developing, and operating SITA infrastructure. Reporting to the Project Portfolio Manager, you will be a part of our growing Security and Compliance Team, an Agile Team within SITA Infrastructure & Cloud Engineering (ICE).
The world is changing. Are you ready to define with future of travel with us?
WHAT YOU WILL DO:
- Work with security and infrastructure architects in the secure design of SITA networks and infrastructure.
- Work with scrum teams to support agile delivery of new infrastructure incorporating security and privacy by design.
- Create / review Infrastructure as Code to meet SITA, regulatory and market security requirements and best practices to be deployed via CI/CD pipelines.
- Support DevSecOps initiatives to shift left in the detection and remediation of security vulnerabilities and defects.
- Work closely with the SITA Enterprise Information Security Office (EISO) to evolve security guidance and guardrails around infrastructure development and build following a risk based approach.
- Develop new network and infrastructure security controls and tooling including threat detection, vulnerability management, encryption, identity & access management etc.
- Assess emerging security technologies.
- Provide improvement suggestions regarding the security, usability, performance, maintainability, and scalability of existing infrastructure.
- Provide reports and presentations to key stakeholders including management, business partners, regulators and auditors.
- Contribute to the security maturity of SITA through production of documentation, knowledge transfer and conducting training sessions.
- Assist in responding to security issues and incidents as a Subject Matter Expert.
- Facilitate discussions with Engineering and Development teams, while having ability to guide and persuade in reaching decisions to achieve optimal security and business outcomes.
Qualifications:
REQUIREMENT SUMMARY
Min:2.0Max:5.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Trade Certificate
Advanced experience in coding/scripting via python bash powershell/powercli for generating test artefacts (users certificates signatures etc)
Proficient
1
London UB3, United Kingdom