Are you a Lead Security Engineer looking to join a fast-growing tech company?

Read on. 👇

Cloudvisor team
HI, THIS IS US!

Team of Cloudvisor

We're an Advanced Tier AWS Partner operating in the Baltics and Nordics. Our constantly-growing company works closely with AWS to support current and new AWS users in our region. We are working with new technologies, and our task is to ensure that our customers are getting the best out of AWS services.

Oh, and we're a fully remote company. 💪

Right now, we're looking for a Lead Security Engineer to join our team and help us grow at an even greater speed! We seek team members who care about results and are not afraid of taking ownership. These values, applied collectively, help to produce an outstanding Cloudvisor team and culture.

Curious? Read on. 👇

RESPONSIBILITIES

What you will do

You will work a lot at the customer interface: security reviews for customers products and systems.

We are looking for someone who can balance technical risks against business risks and consistently drive for the right results. You must have the passion for applying solutions to complex security challenges, and recognise and fill gaps in capabilities.

You will be responsible for:

  • Analyzing the security of applications and services;
  • Discovering and addressing security issues;
  • Building security automation;
  • Reacting to new threat scenarios.
  • You are also expected to mentor more junior engineers and be a security thought leader for the organization.
REQUIREMENTS

What we expect

You will be able lead security projects (production or business critical setups), having AWS Certified Advanced Networking – Specialty certificate:

    • Use AWS native Controls (Such as AWS CloudTrail and Amazon GuardDuty) being extended with ISV tools;
    • Rely on security best practices, which will include:
      • Automated deployments
      • Standardized setup of multiple AWS accounts
      • Standard for playbook to Incident Response in the cloud
      • Automated deployments of specific application stacks
      • Automated deployments of specific third-party security tools
      • Standardized on-boarding/off-boarding
    • Propose standardized security tooling recommended to customers to meet their security and compliance needs, including ALL of the following:
      • AWS Account Security Assessment (Root Credential Storage, S3 Bucket Permissions, IAM Permissions, etc.)
      • Identity, Access Control, and Federation (Secrets Management, SSO, Privileged User Management, Host/App AuthZ/AuthN)
      • Web Application Firewall (WAF)
      • DDoS protection
      • Firewall and Networking Infrastructure (NGFW, Micro-Segmentation, Security Group Management, Network Analysis/Packet Capture)
      • Remote Connectivity Infrastructure
      • Endpoint, Host Security (EDR/EPP) and Container Security
      • File Integrity Monitoring (FIM)
      • Intrusion Detection and Prevention (IDS/IPS)
      • Centralized Logging, Monitoring, and/or SIEM
      • Proxies and Egress Access
      • Encryption and Key/Secrets Management of S3, EBS, DynamoDB
      • Data Loss Prevention (DLP)
    • Create Architectural diagrams (AWS services used, using the appropriate AWS service icons, how the AWS services are deployed, including virtual private clouds (VPCs), availability zones, subnets, and connections to systems outside of AWS)
    • Setup appropriate Account Configuration:
      • The root user is secured
      • Account contact information is set
      • AWS CloudTrail is enabled
    • Ensure Operational excellence:
      • Metrics are defined for understanding the health of the workload
      • Workload health metrics are collected and analyzed
      • Operational enablement
      • Deployment testing and validation
      • Code assets are version controlled
      • Application and workload telemetry
    • IAM management:
      • Access requirements are defined
      • Grant least privileges
      • Static AWS Access Keys are not used for programmatic access
      • Unique non-root credentials are used for interactive access
    • Networking:
      • Security groups are tightly scoped
      • Data that traverses the Internet is encrypted in transit
      • Data stores are in private subnets
    • IT Operations:
      • Cryptographic keys are managed securely
    • API Integration:
      • Official AWS SDKs are used to call AWS API endpoints
    • Reliability:
      • Deployment automation
      • Availability requirements are defined for the solution
      • The solution adapts to changes in demand
    • Cost optimization:
      • Total cost of ownership (TCO) analysis or cost modeling

Don't worry if you're not a perfect match. You don't need to possess every single qualification listed. We believe the soft skills you display - like friendliness, professionalism, responsiveness, and follow-through - can counter your lack of experience. 😉

REWARD

What we can offer

  • Competitive fixed compensation package. The exact offer will be based on your knowledge and experience;
  • Motivating, creative and flexible working environment;
  • 100% remote-first approach with a "work from anywhere” mentality;
  • Being part of a team compiled only with highly skilled and experienced professionals;
  • Opportunities (and even requirements) for achieving all kinds of AWS certifications.

Are we a match?

Are you passionate about IT, appreciate the collaboration between motivated colleagues?

Are you a person who enjoys challenges and doesn’t mind failure or when things go wrong?

Do you like learning and are you willing to continuously improve yourself?

If you answered YES 3 times, then we would like to hear from you! 👇

 

Tell us a bit more about yourself