Blog

Responsibilities:

• Security Architecture and Implementation:
  • Design and implement secure cloud-native architectures with a focus on Istio service mesh and Kubernetes container orchestration.
  • Harden and secure containerized workloads and microservices using best practices.
  • Leverage Terraform for infrastructure as code (IaC) deployments, ensuring security is baked into the process from the start.
  • Implement security controls and monitoring solutions to detect and respond to potential threats.
• Compliance and Security Auditing:
  • Collaborate with security and compliance teams to ensure adherence to industry standards and regulations.
  • Conduct regular security audits and penetration testing to identify vulnerabilities and recommend remediation strategies.
  • Develop and maintain documentation for security policies, procedures, and incident response plans.
• DevSecOps Integration:
  • Integrate security practices and tools into the CI/CD pipeline to automate security testing and vulnerability scanning.
  • Implement and maintain security tools for code analysis, dependency management, and vulnerability tracking.
  • Promote a culture of security awareness and collaboration within the development and operations teams.
• Incident Response:
  • Participate in incident response activities, including investigation, containment, and recovery.
  • Analyze security incidents and identify root causes to prevent future occurrences.

Qualifications:

• Hands-on Experience:
  • Strong practical experience with Istio service mesh, Envoy proxy, Kubernetes, and Terraform.
  • Proficiency in security penetration testing methodologies or automated API testing tools.
  • Familiarity with cloud security best practices and cloud-native technologies.
• Security and Compliance Knowledge:
  • Understanding of security principles, vulnerabilities, and mitigation techniques.
  • Knowledge of industry security standards and compliance regulations.
  • Experience in conducting security audits and vulnerability assessments.
• Passion for Security:
  • A strong desire to stay abreast of the latest security trends and technologies.
  • Enthusiasm for sharing knowledge and promoting security best practices within the team.
• Strong Communication and Collaboration:
  • Ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
  • Excellent teamwork and collaboration skills, working effectively with cross-functional teams.

Additional Desirable Skills:

• Experience with cloud platforms such as AWS, Azure, or GCP.
• Programming/scripting skills (Python, Java, Bash, etc.)
• Certifications in security and cloud technologies (CISSP, CCSP, etc.)