What brings us all together at Deloitte? It’s how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. :Collaborate for measurable impact.
Connect to your opportunity.
As a DevSecOps &Cloud Security Senior Engineer, you can expect to be involved in the following activities:
We are seeking a highly skilled and experienced Cloud Security Engineers with a specialization in one of the four public clouds, Oracle Cloud Infrastructure (OCI), Google Cloud Platform (GCP), Microsoft Azure and Amazon Web Services (AWS). The ideal candidate will be responsible for ensuring the security of clients’ cloud environments, by implementing and maintaining robust security measures and monitoring systems for potential threats. This role requires deep technical expertise in cloud security best practices, strong analytical skills, and the ability to collaborate effectively with cross-functional teams.
Responsibilities:
- Design, implement, and manage security controls, policies, and procedures for the cloud environment to safeguard against unauthorized access, data breaches, and other security risks.
- Conduct regular security assessments and audits of the security environment infrastructure, identifying vulnerabilities and areas for improvement, and recommending solutions to mitigate risks.
- Develop and enforce cloud security best practices and policies across the organization.
- Collaborate with development and operations teams to ensure secure deployment and operation of cloud applications.
- Implement native cloud security controls, such as IAM, VM, EDR, cloud security posture management to ensure appropriate access to cloud resources.
- Stay current with emerging cloud security threats, technologies, and best practices.
- Provide security training and guidance to team members and stakeholders on cloud security measures.
- Work with regulatory bodies to ensure compliance with industry standards and Middle East regulations related to cloud security.
- Manage and configure security tools and software, such as firewalls, intrusion detection systems, and encryption technologies, within cloud environments.
- Bachelor’s degree in computer science, Information Security, or a related field.
- Minimum of 3 years of related experience.
Strong hands-on experience on TWO of the below five domains:
Cloud and Container Security:
- Experience with AWS, Azure, GCP or OCI and demonstrable affinity with Cloud technology.
- Experience with containerization: Kubernetes, Docker. Practical experience with serverless and secure development environments, infrastructure-as-code is a plus.
- Knowledge of information security principles and guidelines (including CIS, MITRE ATT&CK frameworks) is an advantage.
Governance and Risk Assessment:
- Experience with security frameworks such as ISO, CSA and PCI.
- Experience with the implementation of cloud risk frameworks and optimization of controls (in CI/CD pipelines).
- Experience with Secure Cloud Architecture Design and Implementation; Design solutions for improving Cloud Security by enforcement of cloud security guardrails and standards.
- Experience with architecture and security reviews, threat modelling applications, and identifying areas of risk.
- Experience with encryption in-flight and at-rest practices, as well as certificate and secrets
- Knowledge of network architectures, topologies, and concepts (Firewalls, LB, WAF, CDN, VPC, ACL, TLS, SSH, and DNS).
- Experience with security solutions such as WAF, IPS, and anti-DDOS systems.
- Experience with network / perimeter security platforms and routing protocols, OSI layers etc.
- Experience implementing strategies to support secure and compliant architectures.
- Good knowledge of application architecture (Microservices, API gateway, service mesh, message queues etc.) and technical expertise in designing controls to secure each layer within the application architecture (web layer, integration layer, backend).
- Strong understanding of authentication and authorization patterns and their applicability within the development context (knowledge of Authentication / Authorization protocols and patterns, Authentication and Authorization within microservices).
- Experience with infrastructure automation, infrastructure as code, automated application deployment, monitoring/telemetry, logging, reporting/dashboarding, and continuous delivery technologies.
- Experience in cybersecurity principles, assessment and triage for security flaws and common vulnerabilities for web and mobile applications. Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
- Experience with continuous security practices, including threat modelling, threat and vulnerability management, secure coding practices, and automated penetration testing.
- Understanding of the OWASP Top 10 application security risks and how to address them.
- Working knowledge of the Security Development Lifecycle (SDLC), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
- Understanding of web application security scanning software and related penetration testing tools such as SAST/DAST/IAST/SCA.
- Understanding of service-oriented architecture, building internet-scale, distributed, and critical services.
- Experience on integration & automation of various security technologies.
- Cloud Certifications by AWS/GCP/OCI/Azure.
- Kubernetes Certifications
- Relevant certifications such as CISSP, CCSP, AWS Certified Security – Specialty, or equivalent are highly desirable.
- A willingness to work as part of a diverse team.
- A commitment to continuous improvement and lifelong learning.
- A passion for technology and a drive to deliver secure, high-quality solutions.
- An ability to remain calm under pressure whilst continuing to pay attention to detail.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal abilities.
- Ability to work effectively in a fast-paced and dynamic environment.
- Proactive and self-motivated with a keen attention to detail.