Deep understanding and hands-on experience of public cloud environments (AWS, GCP, Azure), with a focus on cyber security and
Job Description
The NTS Vulnerability Assessment and Cloud Security Testing Team is a fast-paced and dynamic team. We are seeking for a passionate cloud security expert to join the team as Specialist, Cyber Security who will report to the Senior Manager, Information Security. The selected candidate will lead the CSPM and compute Scan day 1 and day 2 activities by actively monitoring and managing the platform for Bell’s public cloud workloads. The candidate will also conduct vulnerability assessments, create action plans, identify and track risk remediation, provide advice on mitigation safeguards, processes and security best practices and act as a spokesperson on cloud security related subjects.
Job Duties/Accountabilities:
- Alerts, accounts, rules, policies
- Actively monitor and manage the CSPM alerts, accounts, rules, policies for Bell’s public cloud workloads
- Identify & implement automation wherever possible
- Track lifecycle of security alerts and policy violations
- Prioritize vulnerabilities discovered along with remediation timeline(s)
- Manage/update GRC tools
- Collect, assess and catalog threat indicators
- Interaction with multiple global teams (security architecture, penetration testing, application development, network teams, etc.)
Compute Scan
- Actively monitor and manage Bell’s public cloud compute workloads
- Track lifecycle of security vulnerabilities for the compute assets
- Deploy defenders to scan registries and containers
- Protect container images in AWS, GCP and Azure
- Interact with multiple internal teams to help them protect and secure their cloud workloads.
Critical Qualifications/Competencies:
- Deep understanding and hands-on experience of public cloud environments (AWS, GCP, Azure), with a focus on cyber security and testing activities.
- Hands-on experience with a CSPM tool (Palo Alto Prisma preferred)
- Experience with Compute Scan activities (Deploying Defenders preferred)
- Think analytically and synthesize technical information from various sources
- High level of personal integrity, and the ability to professionally handle confidential matters and demonstrate a high level of judgment and maturity.
- Excellent skills of verbal and written communications, relationship building, and influencing others.
An Asset:
- Certification(s) in one of the 3 major cloud types AWS, GCP or Azure
- Cyber security professional qualification desirable (e.g. CISSP, CISM, CISA, OPST, CEH, GPEN)
- Knowledge of ISO 2700x, ITIL, and PCI-DSS.
- 5 + years professional work experience in information security
- Experience with security testing tools and methodologies in conducting vulnerability and application security assessments (AppScan & Tenable)
- Ability to analyze IT solutions and technology infrastructure in order to identify and assess security vulnerabilities, threats, and risks.
- A track record of results and effectiveness in applications technical support, trouble-shooting and analysis, problem resolution, and service availability and reliability improvement roles.