TC-CS-Cyber Architecture- OT and Engineering-Cloud Security -Senior

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

TC_CS_Cyber Architecture, OT & Engineering_Cloud Security_Senior

Responsibilities:

• Responsible for designing and implementing security solutions for applications and services deployed on AWS or GCP cloud platforms.
• Design secure SDLC processes and embed security into CI/CD pipelines.
• Develop and enforce policies as code for secure cloud-native deployments.
• Drive security automation and DevSecOps maturity across teams.
• Participate in guiding application teams through key security functional requirements and edge cases.
• Drive security initiatives and adoptions of secured solutions in team by addressing key challenges that aids senior leaderships with strategic directions.
• Ensure alignment with industry standards and regulatory requirements.
• Strong understanding around implementation techniques and tools with regards to application security (eg: SAST, DAST, IaC scanning, secret detection, drift detection etc) tailored for cloud environments (preferably in AWS/GCP Cloud).
• Guide as an SME in the field of security on Cloud with focus on governance, audits, and compliance efforts.
• Perform routine development activities in a sprint based model to enforce detective, preventative and corrective cloud security controls on Cloud.

• Preferred Requirements:
• Deep expertise in core domains of Cloud computing: Compute, Storage, Networking, Data and Security.
• Advanced proficiency in Python/Go with Cloud-native developments and automation use-cases.
• Strong leadership and collaboration skills across cross-functional teams.
• Deep knowledge and hands-on skills in secure development lifecycle and cloud-native scalable design patterns (eg: microservices, containers, CI/CD pipelines with Cloud-native technologies like AWS CodePipeline, Jenkins, Github Actions etc.
• Familiarity with IaC hardening techniques.
• Strong policy as code development
• Strong hands-on experience with Infrastructure as Code technologies like Terraform (Preferred), AWS CloudFormation templates.
• Deep understanding of cloud-native security, container security, and serverless protection.
• Familiarity/awareness around Policy as code in cloud environments.
• Hands-on experience with CSPM tools (Prisma/Wiz/AWS Security Hub etc).

• Required:
• Minimum 4+ years of Cloud technology, specifically in Security engineering, or Security Architecture roles
• 3+ years of extensive hands-on experience with AWS Cloud/GCP Cloud.
• 2+ years of Python/Go development for automation and other use-cases on AWS Cloud/GCP Cloud.
• 3+ years of Terraform(preferred)/AWS CloudFormation experience in infrastructure provisioning. Certifications preferred.
• 3+ years of experience in Github Actions, Bash Scripts, YAML etc.
• Deep expertise in writing production quality modular code or 3+ years of experience in Policy as Code technologies like: HashiCorp Sentinel Policies, OPA (rego policy), OPA GateKeeper policies for Kubernetes, AWS SCPs, Google Organization Policies.
• Strong GIT or version control experience.
• 2+ years of experience working with Docker products, Kubernetes clusters (cloud-native preferably EKS/GKE) and overall containerization lifecycle.
• Any of the following certifications are a plus: AWS Certified Solutions Architect Associate, Google Cloud Professional security engineer, AWS Certified Security Specialty.
• Familiarity with Security frameworks in threat modelling (STRIDE) and other OWASP TOP 10 and implementing them at scale.

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.