DevOps Security Operations Engineer - AWS Platform

We are seeking a highly skilled AWS DevOps Engineer with extensive experience in FedRAMP setup and compliance. The ideal candidate will have a strong background in cloud infrastructure, automation, and security, with a focus on ensuring compliance with FedRAMP standards. Key Responsibilities : DevOps : - Develop and maintain CI/CD pipelines using tools like Jenkins, GitLab CI, or AWS CodePipeline. - Ensure automated testing and deployment processes are in place and optimized - Implement and manage monitoring and logging solutions using AWS CloudWatch, ELK Stack, or similar tools. - Lead the implementation and maintenance of FedRAMP compliance for AWS environments. - Develop and document FedRAMP System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action and Milestones (POA&M). - Work closely with the security team to ensure all security controls are implemented and maintained according to FedRAMP requirements. Security Operations : - Oversee the monitoring, detection, and response to security threats and incidents as per FedRAMP Requirements - Coordinate incident response activities, including containment, eradication, and recovery. - Oversee the AWS cloud platform, VAPT process, changes for the critical applications and Infrastructure. Security Tools and Technologies : - Evaluate, implement, and manage security tools and technologies to enhance our security posture. - Ensure all security configurations are reviewed with AWS DevSecOps teams for various compliance requirements - Stay up to date with the latest security trends and technologies to recommend improvements. Policy and Procedure Development : - Develop and enforce security policies, standards, and procedures. - Collaborate with cross-functional teams to ensure security policies align with business goals. Incident Reporting and Documentation : - Maintain detailed records of security incidents, investigations, and resolutions. - Prepare and present incident reports to senior management and stakeholders. Must Have Skills : - Extensive experience with AWS services, including EC2, S3, RDS, IAM, VPC, and Lambda. - Security Information and Event Management (SIEM) : Experience with SIEM solutions (e.g., WAZUH, Splunk, ELK Stack) for real-time monitoring and analysis of security events and logs. - Security Monitoring : Strong skills in setting up and managing security monitoring tools, intrusion detection systems (IDS/IPS), and log analysis for threat detection. - Network Security : Proficiency in network security principles, firewall management, VPN technologies, and network segmentation. - Incident Response : Proficiency in incident detection, analysis, and response. The ability to lead incident response teams during security breaches or incidents is crucial. - Cloud Security : Understanding of cloud security best practices and experience securing AWS cloud environments - Security Policies and Procedures : Development and enforcement of security policies, procedures, and guidelines in alignment with industry standards and compliance requirements. - Security Awareness : The ability to promote security awareness and conduct training sessions for staff to improve security hygiene across the organization. - Security Risk Assessment : Conducting risk assessments and vulnerability assessments to identify and prioritize security risks and vulnerabilities. - Project Management : Ability to lead security projects, coordinate resources, and ensure project deadlines are met. Good to Have Skills : - Secure Development Knowledge : Familiarity with secure software development practices, code reviews for security, and integration of security into the software development lifecycle. - Security Certifications : Relevant certifications like Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Security Manager (CISA) are often required or highly beneficial. - Relevant certifications such as AWS Certified DevOps Engineer, AWS Certified Solutions Architect - Penetration Testing : Experience with penetration testing and ethical hacking to identify and remediate vulnerabilities. - Encryption Technologies : Knowledge of encryption technologies and their application in securing data at rest and in transit. - Third-Party Risk Management : Experience in evaluating and managing the security risks associated with third-party vendors and partners. - Security Architecture : Understanding of security architecture design principles and the ability to assess and enhance an organization's security architecture. Qualifications : - Bachelor's or Master's degree in Information Security, Computer Science, or related field. - AWS Certified Solutions Architect - Industry certifications such as CISSP, CISM, or CISA are highly desirable. - In-depth knowledge of security technologies, including SIEM, IDS/IPS, firewalls, and endpoint security. - Excellent communication and interpersonal skills. - Strong analytical and problem-solving abilities. - Ability to work effectively under pressure and in high-stress situations. - Experience with cloud security and DevSecOps practices is a plus. (ref:hirist.tech)

Location: bangalore, IN

Posted Date: 11/27/2024