The Public Cloud enablement project covers the necessary people, processes, and technology to allow the bank to securely consume public cloud services and infrastructure. The principal delivery arm of the project is the public cloud enablement team, which is a hybrid/cross-functional team populated with members from Hosting Data Services ("HDS") and Enterprise Security Services ("ESS") Cyber, DLP and IAM teams.
This is an exciting and dynamic project, which will continue to expand in importance as the bank adopts public cloud at an enterprise scale. ESS and HDS are two of the biggest departments, delivering central capabilities to the rest of the bank. The team is distributed across North America, London, Poland, Zurich and Singapore.
As an AZURE Cloud Security Engineer, you will work as part of a highly technical team of professionals who are responsible for the design, development, enablement, and deployment of solutions to deliver preventative and detective security solutions on both Azure and Microsoft 365 environments. Good organizational skills, technical expertise, experience of best practice in Cloud security configurations (e.g., CIS, Cloud Security Alliance, STIG) and attention to detail are key in this role. The Cloud Security & Automation Engineer will also need to collaborate and work within the cross-functional team with other Cloud SMEs.
Producing technical designs to requirements; producing terraform plans to satisfy IaC or automation requirements, Kusto queries for LAW analytical queries, Azure/M365 security configurations to best practice and benchmark; unit/integration/UAT test of deliverables as required; production of documentation and technical designs; use of JIRA/Wiki tools for project delivery and tracking.
Who we're looking for?
- Strong understanding of core Cloud concepts and 4+ years' experience of working in Cloud computing
- Expert knowledge on the AZURE/M365 platforms, Defender Suite, Log Analytics Workspace and Azure Sentinel
- Detailed knowledge on the MSFT Cloud Security products applicable to AZURE (AZURE Defender, Log Analytics Workspaces, Azure Sentinel including UEBA, Azure Policies, Azure RBAC/PIM, AZURE Compliance and Security)
- Expert knowledge on best practice for configuration of preventative and detective security controls as required to secure the AZURE platform & M365 services (Outlook, Office 365, OneDrive, SharePoint, Teams)
- Mid-level proficiency in Terraform, PowerShell, Python, C#, Kusto Query Language
- Networking fundamentals: CIDRs, subnet masking, routing, proxies, reverse proxies, firewalls, BGP
- Security concepts: preventative controls, alerting controls, security monitoring, assurance, penetration testing
- Understand general authN/authZ and federation concepts
- Understand general RBAC concepts
- Understand certificate and secrets management
- Telemetry: understand the basics of logging, monitoring and overall telemetry, knowledge of more modern tracing patterns
- Excellent verbal and written communications skills
- Ability to communicate complexity
- Good understanding of non-technical operating model aspects, such as service management (change, incident, problem)
- General comfort using CI/CD tools
- Ability to produce supporting Architectural diagrams in Visio
- Financial Services industry experience preferred
- Desired Certifications/skills track: Azure Security Engineer Associate, Microsoft Information Protection Administrator, Security Operations Analyst Associate