Cybersecurity Consultant - Public cloud
Responsibilities
- Conduct and participate in the regular governance calls with different stakeholders to enhance the public cloud security operations
- Management of security validations and exceptions raised on the public cloud infrastructure
- Drive the process implementation, enhancements and improvements on the
- Conduct regular governance with vulnerability and SOC teams to enhance the detection security posture on cloud
- Conduct risk assessments and security evaluations of public cloud applications/infrastructure in line with SG’s framework/standards/guidelines
- Drive the pentest governance strategy, roll-out and remediations within its public cloud scope
- Drive the cloud native services non-compliance alert escalations, follow-up and reporting
- Assess and manage IT risk treatment in all new projects or infrastructure within its scope (integration of security into projects, secure by design processes)
- Enforce Group policies / standards and/or procedures / good security practices within its department.
- Develop and maintain process documentation, and reporting dashboards (KPIs, KRAs)
- Communicate risk and security recommendations to stakeholders
- Contribute to security audits support with artifacts (internal audit / regulators) within its scope
- Act as a security expert and point of contact for all operational security and risk management activities
- Drive the remediation of critical vulnerabilities/alerts reported by CSPs, together with the vulnerability management team
- Monitor and coordinate the timely closure of audit recommendations (internal / regulators) and, if necessary, intervene in support of operational teams.
- Review the security assessment and audit reports available from CSPs
- Communicate the status of security audits (internal audit / regulators) as well as the plans for dealing with recommendations.
- Prepare, update and review the major incident response plan with the CSPs and internal stakeholders
Profile required
· 14+ years of experience in operational security and risk management, or related fields
· 8+ years of experience in public cloud security operations in Azure (Preferred) and AWS
· Strong understanding of cloud native security services on Azure and AWS
· Strong understanding of infrastructure & application security architecture, compliance frameworks, and risk management principles
· Experience with infrastructure & application security assessments, risk assessments, and security controls implementation
· Excellent analytical, problem-solving, and communication skills
· Familiarity with cloud security frameworks, tools, and technologies (e.g., CIS, OWASP, CNAPP, SOC, Infrastructure security, IAM, DevSecOps, DAST/SAST, NIST, CCM)
· Education Qualification and Certifications:
o SC-100, CCSK, CEH or CPENT are mandatory
o CCSP or CISSP (optional)
o Bachelor's or master's degree in computer science/information technology/information security (Mandatory)
Why join us
“We are committed to creating a diverse environment and are proud to be an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status”.
Business insight
At Société Générale, we are convinced that people are drivers of change, and that the world of tomorrow will be shaped by all their initiatives, from the smallest to the most ambitious. Whether you’re joining us for a period of months, years or your entire career, together we can have a positive impact on the future. Creating, daring, innovating, and taking action are part of our DNA. If you too want to be directly involved, grow in a stimulating and caring environment, feel useful on a daily basis and develop or strengthen your expertise, you will feel right at home with us!
Still hesitating?
You should know that our employees can dedicate several days per year to solidarity actions during their working hours, including sponsoring people struggling with their orientation or professional integration, participating in the financial education of young apprentices, and sharing their skills with charities. There are many ways to get involved.
We are committed to supporting the acceleration of our Group’s ESG strategy by implementing ESG principles in all our activities and policies. These principles are reflected in our business activity (ESG assessment, reporting, project management or IT activities), our work environment and our responsible practices for environmental protection.