As a Cybersecurity Analyst/Security Architect, you will play a critical role in safeguarding our cloud infrastructure and applications. You will conduct comprehensive security reviews and implement advanced security measures to protect against potential threats.
This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.
responsibilities :
Conduct in-depth security assessments and threat models of AWS, EKS, and web applications/APIs to identify vulnerabilities and propose effective solutions.
Design and implement robust security architectures tailored for cloud environments, focusing on AWS and Kubernetes (EKS).
Collaborate with DevOps and software development teams to integrate security best practices within CI/CD pipelines and across the development lifecycle.
Develop and refine security policies and procedures to ensure comprehensive protection and compliance.
Research and stay abreast of the latest security threats, tools, and methodologies, providing strategic recommendations.
Provide technical guidance and training to internal teams to elevate security awareness and practices.
requirements-expected :
2+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience.
3 or more years of work experience with a Bachelor’s Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD).
Security Architecture: Experience participating in Security Architecture reviews and/or Threat Modeling using industry standards.
Pentesting: Hands-on experience with penetration testing is a strong advantage.
Security Controls: Experience designing or supporting security controls for web applications and backend services such as API Gateways, Identity and Access Management, Data Protection, or Security Information and Event Management.
Development Lifecycle: Understanding of Secure Development Lifecycle methodologies and Agile-based practices.
Technical Knowledge: Working knowledge of middleware platforms and common development platforms (such as Java, C#, .NET).
Security Standards: Familiarity with OWASP Top 10 and CWE Top 25 vulnerabilities.
Cloud Security: Direct experience with, or strong understanding of, cloud-based services (SaaS, PaaS, IaaS) and their security considerations.
Security Tools: Practical experience with security technologies such as intrusion detection/prevention systems, firewalls, antivirus, policy enforcement, configuration management, security monitoring, audit, or secure application development.
Certifications: Industry certifications (e.g., CISSP, GIAC, OSCP) are preferred, or a strong willingness to pursue them.
Team Collaboration: Experience working with or supporting cross-functional teams (e.g., security, engineering, pentest, operations) is highly valued.
Communication: Strong written and verbal communication skills, with the ability to effectively document findings and communicate with both technical and non-technical stakeholders.
M&A Activities: Experience supporting Mergers & Acquisitions (M&A) activities is considered a plus.
benefits :
sharing the costs of sports activities
private medical care
sharing the costs of professional training & courses
