- Strong understanding of cloud technologies and platforms: Azure or AWS or both(preferred).
- Understanding and hands-on experience of cloud native service such as AWS EC2, S3, CloudFront, VPC, Direct Connect, DynamoDB etc and for Azure VNET, Storage Accounts, Application Gateway, WebApp, CosmosDB etc.
- Should have conducted cloud security assessments and configuration reviews as per industry best practices.
- Should have understanding of AWS SCP, IAM & Resource based policies and Azure policies.
- Familiarity with industry-leading standards and frameworks such as ISO 27001, NIST, CSA CCM, CIS benchmarks to help clients adhere to compliance requirements.
- Knowledge and experience of Risk Management Lifecycle (Risk Identification, Risk Assessment, Risk Response, & Reporting)
- Experience with Cloud Security Solution such CNAPP, CWP, CSPM solutions.
- Knowledge and experience in defining cloud security policies and frameworks for organizations.
- Effective written and communication skills.
- Strong sense of ownership, urgency, and drive.
- Should have the ability to work independently.
- Demonstrate teamwork and collaborate with other teams to ensure client’s cloud environment is secure.
- Optimize and enhance the existing cloud security risk evaluation model.
- Engage in cloud security architecture discussion with different capabilities and BU.
- Update and document security controls as part of the public cloud expertise team.
- Assess AWS and Azure native services for risk and suggest controls to mitigate the risk.
- Present the risk assessment to various BU’s in community forum for suggestions and recommendations.
- Recommend changes to existing policies and procedures based on emerging threats or vulnerabilities.
- Build and enforce a hardening checklist that incorporates industry best practices for public cloud security.
- Provide design-time review and guidance to teams involved in building and deploying solutions on public, private, or hybrid cloud environments, emphasizing security by design principles.
- Validate and communicate the hardening of services, assessing the maturity of applications, services, and infrastructure against the defined security framework.
- Support the development team on bugs reported by consumer of the cloud services.
- Engaged with different Business Units to understand the different use cases on how the CSP Services shall be consumed.
- Monitor operations and propose functional improvements within the scope of security framework and risk analysis.
- Collect evidence and perform technical and functional acceptance tests for "infrastructure and service hardening" projects.
- Holistic experience and view on Cloud Management and Governance.
- Contributing to security architecture interventions in business specific process for acquiring and developing new technology
- Contributing to the development and reporting of metrics for the Secure Design team, within the broader Security Architecture function
- Certification (good to have) : AWS Solutions Architect – Associate; AWS Solution Architect – Professional; Azure Solution Architect or Azure Security Engineer Associate.
Why join us
“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.
At Société Générale, we are convinced that people are drivers of change, and that the world of
tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious.
Whether you’re joining us for a period of months, years or your entire career, together we can have
a positive impact on the future. Creating, daring, innovating and taking action are part of our DNA.
If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a
daily basis and develop or strengthen your expertise, you will feel right at home with us!
You should know that our employees can dedicate several days per year to solidarity actions during
their working hours, including sponsoring people struggling with their orientation or professional
integration, participating in the financial education of young apprentices and sharing their skills with
charities. There are many ways to get involved.