Cloud security consultant

Posted: Dec. 22, 2022, 5:39 a.m. - Full Time - Pune - remote work

The digital world is forever morphing and if you are ready keep up with these changing technological needs by designing applications for the cloud, planning the cloud architecture, adapting security measures, provisioning resources, and maintaining cloud components, we have got you an offer!

We are in hunt for having someone for the Cloud AWS role to expand our renowned Bandit family at Payatu. In the quest for Bandits, here is an excellent opportunity we would like to share with you.

Who we are?

We are a bunch of young and passionate folks who are driven by the power of the latest and innovative technologies. We are on the mission of making the Cyberworld safe for every organization, product, and individual.

What we look for outside work parameters?

  • Your expertise is your primary qualification, not your degree or certification.

  • Publicly known contributions.

  • Research papers written, presented, and published.

  • Tools Developed.

  • Published exploits, CTF scores and hall of fame as testimonies to your work.

  • Learning from the community and enthusiastically contributing back.

You Have All Our Desired Qualities, if:

  • You have 1+ years of experience in cloud application and cloud service security assessment.

  • You have the knack of finding security bugs in everything you touch.

  • You like automating stuff.

  • You have excellent written and verbal communication skills and ability to express your thoughts clearly.

  • You have the skill to articulate and present technical things in business language.

  • You can work independently as well as within a team and meet project schedule and deadlines.

  • You have strong problem solving, troubleshooting and analysis skills.

  • You are comfortable working in a dynamic and fast-paced work environment.

  • You are working on something on your own in your field apart from official work.

You are a perfect technical fit if:

  • You have strong knowledge of cloud (IAAS, PAAS and SAAS) with AWS.

  • You have good knowledge of various AWS cloud security frameworks and CSPM tools.

  • You have knowledge of best practices for hardening and configuration review.

  • You have experience with certificate managers and key management systems like Vault and AWS, KMS and basic understanding of infrastructure cloud security and related tools like WAF, AWS Inspector, AWS Guard- duty, etc.

  • You have experience of working on architecture, monitoring and securely deploying enterprise applications on AWS Cloud Platform.

  • You have experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and process (Application Security, data protection, cryptography, identity, and access management (IAM), network security).

  • You have cloud automation

  • Scripting knowledge.

  • You should be comfortable with scripting in Shell, Python, Ruby, or any preferred scripting language.

  • You have familiarity with security of cloud container services (AWS EKS).

  • You understand infrastructure as a code and concepts.

  • You have strong experience in AWS Security (Cloudwatch, GuardDuty, Elastic Block Storage, Macie, KMS, IAM or Security Hub).

  • You should have good hands on various AWS cloud networking services (VPC, Gateway, Direct Connect, Transit Gateway).

  • Familiarity with Threat modeling is a plus.

  • You have AWS specific relevant certifications are an added advantage.

Your everyday work will look like:

  • Assess the Environment and conduct security testing for Cloud [AWS].

  • AWS Environment Security Risk Assessment, Governance and Monitoring.

  • Define Cloud security standards and implement them (based on CIS, STIG, etc).

  • Reviewing application hardening baselines and implement best practices for security on AWS.

  • Back your findings with Proof-of-concept exploits.

  • Collect evidence and maintain a detailed write-up of the findings.

  • Understand and explain the results with impact on business and compliance status.

  • Explain and demonstrate vulnerabilities to application/system owners.

  • Provide appropriate remediation and mitigations of the identified vulnerabilities.

  • Deliver results within stipulated timelines.

  • Develop security guidance documentation.

  • Sharpen your saw with continuous research, learning.