Cloud Security Engineer

How You'll Succeed:

• Technical expertise: As a Cloud Security Engineer, you will leverage your deep technical knowledge of cloud ecosystems (AWS, Azure, and GCP) to implement tailored security solutions and effectively mitigate threats and risks.
• Problem-solving skills: Adept problem-solving abilities are crucial in quickly identifying and addressing security issues, ensuring the development and delivery of robust cloud security solutions in a timely manner.
• Collaboration and communication skills: You will actively collaborate with both local and remote team members, playing a pivotal role in defining, designing, and executing cloud security strategies. Excellent communication skills are essential for this role, as you will need to engage with both technical and non-technical audiences.
• Agility: The ability to quickly adapt to the changing threat landscape and move at the pace of the adversary is critical to success in this role.
• Knowledge of cloud security trends: This role requires staying abreast of the latest developments in cloud security and integrating these insights into our practices.
• Balancing security and operational needs: You will balance stringent security guidelines with operational requirements, maintaining the desired corporate security posture while demonstrating empathy and understanding towards the engineering teams' challenges and needs.

Key Responsibilities:

• Manage cloud security tools (CNAPP/CSPM) and implement cloud security controls in a multi-cloud environment (AWS, Azure, and GCP).
• Conduct security reviews of cloud accounts and projects, generate proactive guidance, and participate in cloud design discussions.
• Review IaC/policy as code template proposals and provide recommendations for secure cloud deployments.
• Develop integrations and automations for cloud security detection and response actions to support the Cyber Defence Operations.
• Partner with cloud foundation teams, Cyber Defence Operations, Tech@Lilly, business areas, and suppliers to ensure secure cloud adoption and operations.
• Perform threat analysis and modelling to enable business and technical partners to deliver secure solutions integrated with the SecOps lifecycle.
• Apply threat modelling and analysis frameworks such as MITRE ATT&CK and STRIDE (or STRIDE-LM) in security practices.
• Maintain and expand technical knowledge across cloud security concepts and technologies, driving knowledge growth across security domains.
• Identify technical solutions and drive implementation to support strategic direction, focusing on value, impact, risk mitigation, security controls, privacy controls, detection, response, and quality.
• Prioritize mitigations in relation to technology upgrades, enhancements, and process improvements within the respective domains of accountability.

Your Basic Qualifications:

• Bachelor's degree in Cyber Security, Computer Science, Information Technology, or related field Or
• Leaving Certificate/High School Diploma/GED with 6+ years of experience in Cyber Security, Information Technology, or related field.
• 3+ years of demonstrated experience in cloud architecture and engineering on at least one of the following CSPs - AWS, Azure, GCP.
• Experience with evaluating, mitigating and prioritizing security vulnerabilities, using manual testing methods and/or industry standard commercial or open-source tools. 
• Experience with automating processes for security testing, escalating, and reporting through scripting and working with APIs.
• Knowledge of and ability to apply frameworks such as OWASP Top 10 and MITRE ATT&CK Framework.
• Experience with Infrastructure as Code (IaC).
• Experience in a programming or scripting language (E.g. Python).