Smith & Nephew

Role Overview:

The Cloud Security Engineer will have a profound impact on security operations, engineering, and architecture domains. The overall objective of this role is to support various teams such as product security, security operations, security engineering and various business initiatives and projects in building a secure cloud infrastructure in line with industry best practices. The Cloud Security Engineer will also implement a highly automated approach to monitoring and detecting incidents, as well as responding to them timely and effectively.

Responsibilities:

• Advise internal customers on best practices in design and implementation of secure cloud systems
• Conduct reviews of various cloud platforms, services, and business initiatives to assess cyber risk
• Conduct Cloud Security Posture Management (CSPM) activities
• Design, develop, and implement security solutions to prevent exposure of cloud resources.
• Design, develop, and implement security requirements for cloud-based systems to meet business requirements with appropriate security controls
• Maintain, monitor, and deploy security baselines and automation solutions for hybrid cloud identity platform.
• Design and develop cloud-specific security procedures, standards, and policies.
• Provide support with security incidents, helping the Threat Management team prioritize and remediate appropriately
• Support requirements around SOC2 compliance alongside addressing the project requirements for the AWS platform and Lumino
• Lead continuous improvement and engineering maturity across cloud solutions.

Location:

Pune, India

Education:

Bachelor's degree in computer science, information systems and/or equivalent formal training or work experience.

Nice to have Licenses/ Certifications:

CISSP or equivalent security-related industry certifications

AWS Certified Security - Specialty and/or AWS Associate or higher certification

Certified Cloud Zero Trust (CCZT) Professional Certification

Certified Cloud Security Professional (CCSP)

HIPAA compliance-related certifications (e.g., Certified HIPAA Professional - CHP)

Experience:

Overall 10+ years of experience in IT, with at least 5 years focused on AWS security

5+ years of experience as an Information Security Administrator or Engineer

3+ years of experience in Cloud Security Architecture and/or Engineering.

2+ years of Application Security/Secure Software Development.

Strong understanding of different cloud architecture models, hosting, and deployment models.

Strong experience implementing security monitoring, logging, and alerting

Practical knowledge of AWS foundation services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies

Strong knowledge of cloud security best practices and AWS Well-Architected Framework, especially the Security Pillar

Familiarity with using AWS Cloud Services (EC2, DynamoDB, API Gateway, RDS, Lambda, CloudFront, CloudFormation, CloudWatch, Route 53, WAF, GuardDuty, Security Groups, AWS IAM, etc)

Solid understanding of HIPAA regulations, as well as other compliance frameworks such as SOC 2, PCI-DSS, and GDPR

Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.

Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments

Basic experience with Azure

Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, Cloudformation, Terraform, Ansible) would be a great plus

Experience with services programming (AWS Lambda, Docker, etc.) would be a great plus

NICE TO HAVE: Understanding of M365 suit and Azure security mechanisms

Competences:

Excellent written and oral communication skills.

Excellent customer service skills and problem resolution.

Experience in being able to manage and prioritize multiple tasks in an effective manner.

Experience with service-oriented architecture for cloud-based services.

Understanding of distributed denial of service attack intelligence gathering, concepts, mitigation tools, and techniques.

Understanding of mobility security device and application risk and threat assessment.

Understanding of nation and non-nation state actors, hacktivist groups, advanced threats, and the "kill chain" methodology.

Familiarity with secure coding best practices.

Strong communication & organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required

Travel Requirements: 10%

Stay connected and receive alerts for jobs like this by joining our talent community.

We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.

Check our Glassdoor page for a glimpse behind the scenes and a sneak peek into You. Unlimited., life, culture, and benefits at S+N.

Explore our new website and learn more about our mission, our team, and the opportunities we offer.

Read Full Description