Cloud Security Automation Engineer

Job Summary:

We are seeking an experienced Cloud Security Automation Engineer to join our consulting team. In this client-facing role, you will work with various organizations to secure their cloud-native workloads, including the entire lifecycle of Kubernetes environments. You will leverage your expertise in Policy as Code, Infrastructure as Code (IaC), secrets management, and CI/CD platforms to help clients build secure, scalable, and automated cloud infrastructures.

Key Responsibilities:

• Client Engagement: Collaborate with clients to understand their cloud security needs, assess current environments, and provide expert guidance on securing cloud-native and multi-cloud workloads.

• Kubernetes Security Consulting: Design, implement, and provide guidance on securing Kubernetes clusters for clients, including best practices in cluster hardening, network policies, RBAC, and runtime security.

• Policy as Code: Advise clients on developing and enforcing security policies using tools like OPA (Open Policy Agent), HashiCorp Sentinel, or other Policy as Code solutions to maintain compliance across their cloud environments.

• Infrastructure as Code (IaC) Consulting: Work with clients to secure their IaC deployments using tools such as Terraform, CloudFormation, or Bicep templates, ensuring security best practices are followed.

• Secrets Management: Assist clients in implementing and automating secrets management solutions using tools like HashiCorp Vault, AWS Secrets Manager, or Kubernetes Secrets.

• CI/CD Pipeline Security: Collaborate with clients' DevOps teams to integrate security controls into their CI/CD processes, leveraging tools like Jenkins, GitHub Actions, GitLab CI, and other automation platforms.

• Cloud-Native Workloads: Guide clients in securing various cloud-native services, including serverless functions, containers, and managed cloud services using best-in-class security tools and practices.

• Monitoring & Remediation: Help clients implement monitoring and logging solutions for cloud security events and automate threat detection and response using SIEM tools and cloud-native services.

• Training & Best Practices: Educate clients' teams on cloud security best practices, secure automation techniques, and security-as-code methodologies.

• Automation: Develop scripts, tools, and playbooks to assist clients in automating repetitive security tasks, ensuring consistent enforcement of security controls across cloud environments.

Qualifications:

• Proven experience in consulting or a similar role, with a focus on securing cloud-native environments, particularly Kubernetes.

• Proficiency in Policy as Code tools (e.g., Open Policy Agent, Kyverno, HashiCorp Sentinel) and experience guiding clients in their implementation.

• Expertise in Infrastructure as Code (IaC) tools like Terraform, CDKTF, AWS CloudFormation, AWS CDK, Bicep, or Azure Resource Manager (ARM).

• Strong knowledge of secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager, Akeyless, Azure KeyVault) and the ability to guide clients through the implementation process.

• Experience with CI/CD & GitOps platforms and integrating security into DevOps & GitOps processes (e.g., Jenkins, GitHub Actions, GitLab CI, ArgoCD, Harness, ADO).

• Solid understanding of cloud platforms (AWS, Azure, GCP, or OCI) and their native security services.

• Excellent client-facing communication and presentation skills, with the ability to work collaboratively in diverse environments.

• Experience with scripting and automation (e.g., Python, Bash, PowerShell) to support client engagements.

• Preferred: Certifications such as

  • Kubernetes & Cloud Native Association Certifications:

    • Certified Kubernetes Security Specialist (CKS)

    • Certified Kubernetes Administrator. (CKA)

    • Certified Kubernetes Application Developer (CKAD)

    • Kubernetes and Cloud Native Associate (KCNA)

    • Kubernetes and Cloud Native Security Associate (KCSA)

  • CSP Certifications:

    • AWS Certified Security – Specialty

    • AWS DevOps Engineer – Professional

    • AWS Solutions Architect -- Professional and/or Associate

    • AWS SysOps Administrator – Associate

    • AWS Developer – Associate

    • Azure Security Engineer Associate – AZ-500

    • Azure Developer Associate – AZ-204

    • Azure DevOps Engineer – AZ-400

    • Google Cloud Engineer

    • Google Cloud Architect

    • Google Cloud Developer

    • Google Cloud Security Engineer

    • Google Cloud DevOps Engineer

  • HashiCorp Certifications

    • Terraform Associate

    • Terraform Authoring and Operations Professional

    • Vault Associate

    • Vault Operations Professional

    • Consul Associate

  • Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK)

Preferred Skills:

• Experience with container security tools (e.g., Aqua Security, CNAPPs (Prisma Cloud, Wiz, Crowdstrike), Falco).

• Familiarity with cloud security frameworks (e.g., CIS, NIST, ISO) and the ability to guide clients in adopting them.

• Knowledge of DevSecOps practices and experience in integrating security into the software development lifecycle.