Cloud Security Automation Engineer

Job Summary:

We are seeking an experienced Cloud Security Automation Engineer to join our consulting team. In this client-facing role you will work with various organizations to secure their cloud-native workloads including the entire lifecycle of Kubernetes environments. You will leverage your expertise in Policy as Code Infrastructure as Code (IaC) secrets management and CI/CD platforms to help clients build secure scalable and automated cloud infrastructures.

Key Responsibilities:

• Client Engagement: Collaborate with clients to understand their cloud security needs assess current environments and provide expert guidance on securing cloud-native and multi-cloud workloads.

• Kubernetes Security Consulting: Design implement and provide guidance on securing Kubernetes clusters for clients including best practices in cluster hardening network policies RBAC and runtime security.

• Policy as Code: Advise clients on developing and enforcing security policies using tools like OPA (Open Policy Agent) HashiCorp Sentinel or other Policy as Code solutions to maintain compliance across their cloud environments.

• Infrastructure as Code (IaC) Consulting: Work with clients to secure their IaC deployments using tools such as Terraform CloudFormation or Bicep templates ensuring security best practices are followed.

• Secrets Management: Assist clients in implementing and automating secrets management solutions using tools like HashiCorp Vault AWS Secrets Manager or Kubernetes Secrets.

• CI/CD Pipeline Security: Collaborate with clients' DevOps teams to integrate security controls into their CI/CD processes leveraging tools like Jenkins GitHub Actions GitLab CI and other automation platforms.

• Cloud-Native Workloads: Guide clients in securing various cloud-native services including serverless functions containers and managed cloud services using best-in-class security tools and practices.

• Monitoring & Remediation: Help clients implement monitoring and logging solutions for cloud security events and automate threat detection and response using SIEM tools and cloud-native services.

• Training & Best Practices: Educate clients' teams on cloud security best practices secure automation techniques and security-as-code methodologies.

• Automation: Develop scripts tools and playbooks to assist clients in automating repetitive security tasks ensuring consistent enforcement of security controls across cloud environments.

Qualifications:

• Proven experience in consulting or a similar role with a focus on securing cloud-native environments particularly Kubernetes.

• Proficiency in Policy as Code tools (e.g. Open Policy Agent Kyverno HashiCorp Sentinel) and experience guiding clients in their implementation.

• Expertise in Infrastructure as Code (IaC) tools like Terraform CDKTF AWS CloudFormation AWS CDK Bicep or Azure Resource Manager (ARM).

• Strong knowledge of secrets management solutions (e.g. HashiCorp Vault AWS Secrets Manager Akeyless Azure KeyVault) and the ability to guide clients through the implementation process.

• Experience with CI/CD & GitOps platforms and integrating security into DevOps & GitOps processes (e.g. Jenkins GitHub Actions GitLab CI ArgoCD Harness ADO).

• Solid understanding of cloud platforms (AWS Azure GCP or OCI) and their native security services.

• Excellent client-facing communication and presentation skills with the ability to work collaboratively in diverse environments.

• Experience with scripting and automation (e.g. Python Bash PowerShell) to support client engagements.

• Preferred: Certifications such as

  • Kubernetes & Cloud Native Association Certifications:

    • Certified Kubernetes Security Specialist (CKS)

    • Certified Kubernetes Administrator. (CKA)

    • Certified Kubernetes Application Developer (CKAD)

    • Kubernetes and Cloud Native Associate (KCNA)

    • Kubernetes and Cloud Native Security Associate (KCSA)

  • CSP Certifications:

    • AWS Certified Security – Specialty

    • AWS DevOps Engineer – Professional

    • AWS Solutions Architect -- Professional and/or Associate

    • AWS SysOps Administrator – Associate

    • AWS Developer – Associate

    • Azure Security Engineer Associate – AZ-500

    • Azure Developer Associate – AZ-204

    • Azure DevOps Engineer – AZ-400

    • Google Cloud Engineer

    • Google Cloud Architect

    • Google Cloud Developer

    • Google Cloud Security Engineer

    • Google Cloud DevOps Engineer

  • HashiCorp Certifications

    • Terraform Associate

    • Terraform Authoring and Operations Professional

    • Vault Associate

    • Vault Operations Professional

    • Consul Associate

  • Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK)

Preferred Skills:

• Experience with container security tools (e.g. Aqua Security CNAPPs (Prisma Cloud Wiz Crowdstrike) Falco).

• Familiarity with cloud security frameworks (e.g. CIS NIST ISO) and the ability to guide clients in adopting them.

• Knowledge of DevSecOps practices and experience in integrating security into the software development lifecycle.