Security SME

Serve as a Subject Matter Expert (SME) for security technologies, supporting high visibility needs of the business in a variety of special projects. These unique projects often involve expedited deliverables, operational agility, and require top quality deliverables covering both the consulting and operations functions.
Investigate any security incidents and provide insights to internal/external business users.
Develop processes and procedures and fine-tune alerts as part of ongoing improvisation of security operations.
Develop cloud/hybrid and cloud platform-specific security policies, standards, and procedures on cloud providers (Azure, AWS) and cloud-native platforms (PCF, Docker, Kubernetes, etc.).
Identify and deliver appropriate cloud security controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on business risk and cloud-native threats.
Conduct integration of supported Cloud-based Security Products such as Web Application Firewall (WAF), Web Security Proxy, etc.
Conduct detailed & comprehensive investigations and triage on a wide variety of security events.
Recommend and implement remediation processes.
Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques.
Collaborate with cross-functional teams to implement security measures and address security requirements.
Communicate security risks, recommendations, and status updates to stakeholders, management, and team members.
Identify opportunities to improve processes and/or tools to ensure the highest level of quality, including documentation, mentoring, and training sessions.
Own the technical components of a customer integration project including but not limited to configuration, debugging, documentation, testing, and go-live support.
Identify and mitigate potential security threats and vulnerabilities.
Provide relevant recommendations to improve the overall security posture of customers.
Deployment of security technologies while ensuring standards are adhered to as well as maintenance/repair supervision working with vendor support teams on corrective activities for system issues.
Assist in any ad-hoc tasks when necessary.

Over 5 years of experience in Information Security or engineering.
At least 2 years of direct experience in one of the public cloud platforms, such as AWS or Azure with strong knowledge of their security features.
Industry-recognized security certifications (OSCP, CISSP, CISA, CEH, AWS Security, etc.).
Ability to identify and drive remediation of public and hybrid cloud risks.
Experience in general security technologies, processes, and concepts.
Experience with web security concepts and technologies such as web application firewalls, and proxy.
Working experience on SIEM / Analytics tools, eg: Securonix, Sentinel.
Working experience with common security operations systems, Intrusion Detection Systems(IDS/IPS), Security Incident Event Management systems(SIEM), anti-virus log collection systems, etc.
Working knowledge of security systems and programs.
Sound fundamental knowledge of Internet technologies, such as TCP/IP, HTTP, SSL, DNS, OWASP Top10, and web servers (e.g. Apache, IIS, Nginx, etc.).
Familiarity with AWS technologies, such as CodePipeline, CodeBuild, CodeDeploy, CodeStar, Guardrails, Amazon ECS, AWS Lambda, and Open-source tools like Jenkins, DefectDojo, and OWASP Glue will be an added advantage.
Strong analytical and problem-solving skills, with the ability to identify and address security risks and Vulnerabilities.
Ability to analyze and develop innovative recommendations and solutions.
Excellent verbal and written communication skills.
Independent and results-oriented.
Willing to work on a flexible schedule depending on business need