Cloud Security Engineer at Trade Ledger

Engineering, Sydney, New South Wales, Australia sydney engineering
Posted 2 days ago

The Role

This opportunity will see you responsible for embedding automated security best practises in our cloud infrastructure and promoting a DevSecOps culture through TradeLedger.

As a member of the DevSecOps team, you will be working closely with the infrastructure Team, the Risk & Compliance function, the Developers, and the outsourced security functions to analyse and implement mitigations to security findings.

Your tasks

  • Contributing to a high quality service and delivery culture.
  • Care for and nurture your team of Trade Legends but not afraid to be firm when required.
  • Ensure that there is an effective process of continuous improvement.
  • Designing and implementing the automation of security and compliance capabilities for cloud-based infrastructure at scale in support of DevSecOps processes.
  • Implementing and maintaining security tooling for vulnerability assessments in cloud infrastructure and code to reduce risks within the build/deploy process.
  • Ongoing monitoring of the organisation's application and infrastructure architecture; reporting security metrics to the Compliance team.
  • Offering expertise to other areas of the business supporting with the creation, development, and enforcement of “security by design”. patterns, architecture principles, governance, standards, and processes.
  • Ensuring change initiatives meet security architecture requirements.
  • Performing periodic security assessments and assisting with ad-hoc security investigations.

About you

  • Strong experience in the AWS Security Suite (AWS IAM, AWS SSO, Amazon Cognito, Amazon GuardDuty, Amazon Inspector, AWS Config, AWS CouldTrail, AWS Shield, AWS WAF, AWS CloudHSM, AWS Certificate Manager, AWS Secret Manager, Amazon Detective, AWS Audit Manager).
  • Thorough knowledge of Docker and Kubernetes including Pod Security Policies, Network Policies, Secret Management; Hardening of Docker images and EC2 instance; in-depth linux knowledge.
  • Hands-on experience of implementing and running Static Application Security Testing (SAST), Dynamic AppSec testing (DAST), and Software Composition Analysis (SCA).
  • Detailed understanding of attacks, threats, vulnerabilities, risks, and countermeasures frameworks (e.g. STRIDE, DREAD, PASTA, D3FEND, ATT&CK, OWASP, CIS benchmarks).
  • Designing, developing, documenting, testing, and debugging new and existing configuration management infrastructure as code and build automation with Terraform, Jenking, and Git.
  • Offensive Security (ethical hacking, pentest, bug bounties) and/or Defensive Security (Blue Team, SOC) experience is a plus.
  • Solid understanding of implementing ISO27001 technical controls in an agile environment.
  • Excellent communication and presentation skills.