Security Lead

Introduction:
We are seeking a highly skilled and experienced AWS Security Lead to join our team. This position will be crucial in overseeing the security architecture, implementation, and continuous monitoring of our AWS cloud infrastructure. The ideal candidate will possess extensive knowledge of AWS services, security best practices, and a strong background in securing cloud environments. As the AWS Security Lead, you will work closely with engineering, DevOps, and IT teams to safeguard sensitive data, mitigate security risks, and ensure compliance with security standards.

Responsibilities:

• Security Architecture: Design, implement, and maintain security controls and best practices within the AWS cloud environment to ensure robust protection of data and applications.
• Security Governance: Lead the development and enforcement of security policies, procedures, and standards related to AWS infrastructure.
• Incident Response: Investigate and respond to security incidents, including performing root cause analysis and implementing corrective measures.
• Risk Management: Identify, evaluate, and mitigate security risks in the cloud infrastructure, ensuring business continuity and regulatory compliance.
• Continuous Monitoring: Leverage AWS-native tools (such as AWS Security Hub, GuardDuty, CloudTrail, CloudWatch) to continuously monitor security events and alerts.
• Security Audits & Compliance: Lead efforts for regular security audits and assessments to ensure compliance with industry standards such as ISO 27001, SOC 2, PCI-DSS, and GDPR.
• Collaboration: Work closely with cross-functional teams including engineering, DevOps, and IT to integrate security into all phases of the software development lifecycle.
• Training & Awareness: Provide training and mentorship to team members on AWS security best practices and emerging threats.
• Automation: Implement automation to improve the scalability and efficiency of security monitoring and incident response workflows.
• Vulnerability Management: Lead the process of identifying, assessing, and patching vulnerabilities across AWS environments, including regular penetration testing and vulnerability scanning.

Requirements:

• Experience:
  • Minimum of [X] years of experience in cloud security, with a focus on AWS security architecture, configuration, and best practices.
  • Proven experience leading security initiatives and teams in AWS environments.
• Certifications:
  • AWS Certified Security – Specialty or equivalent AWS certifications.
  • CISSP, CISM, or similar security certifications are a plus.
• Technical Skills:
  • In-depth understanding of AWS security services such as IAM, VPC, KMS, CloudTrail, GuardDuty, Security Hub, and Macie.
  • Experience with AWS Well-Architected Framework, specifically the Security Pillar.
  • Strong knowledge of networking, encryption, and security concepts within the AWS cloud.
  • Experience with identity and access management (IAM) policies, roles, and permissions in AWS.
  • Familiarity with infrastructure as code (IaC) using tools like Terraform, CloudFormation, or similar.
  • Experience with continuous integration/continuous deployment (CI/CD) pipelines and their security considerations.
• Soft Skills:
  • Strong communication skills to articulate complex security concepts to both technical and non-technical stakeholders.
  • Ability to work in a fast-paced, dynamic environment and manage multiple priorities.
  • Leadership experience with the ability to mentor and guide junior team members.

Preferred Qualifications:

• Experience with Security Tools: Familiarity with third-party security tools integrated into AWS environments, such as Palo Alto Networks, Check Point, Trend Micro, etc.
• Compliance Knowledge: Hands-on experience with regulatory frameworks such as HIPAA, SOC 2, GDPR, and PCI-DSS.
• Cloud Security Expertise: Experience securing multi-cloud environments, especially AWS, Azure, or GCP.
• Automation & Scripting: Knowledge of scripting languages such as Python, Bash, or PowerShell for automating security tasks and workflows.