Cloud Security Consultant

Job Description

We are looking for experienced Cloud Security Consultants of all levels to join our consulting team in delivering cloud-focused security services to our clients. Prior experience in cloud architecture, cloud engineering or software development on top of cloud platforms is highly valued, as is security experience operating in cloud-native environments. If you are looking to start your career or switch career tracks, you may be a better fit for our associate cloud consultant role https://emp.jobylon.com/jobs/p...

The Role

We are looking for smart, inquisitive, and creative individuals to join our cloud security consulting team. We are more interested in how fast you pick up innovative technologies and approaches than we are in what you already know, and we focus on hiring consultants who we believe will help drive the team forward. As part of your role, you will be collaborating on exciting projects for a wide range of clients, many of whom live on the bleeding edge of their industry.

As a member of the cloud consulting team at WithSecure, you will:

• Deliver hands-on security consultancy for WithSecure' s clients, including technical assessments of cloud workloads, architecture reviews, report writing and presentations
• Help to design programmes of work for our clients to meet their security objectives, and provide pre-sales support to our sales team.
• Work with our clients to provide tailored advice on securing their fast-moving, cloud native environments.
• Develop and maintain a solid understanding of modern development practices, such as agile working practices, infrastructure as code, continuous integration and delivery (CI/CD), containerisation and serverless application development

In addition, successful consultants support the business in areas beyond delivery of client work. That may include one or more of the following;

• Maintaining and enhancing our internal cloud testing methodologies
• Contributing to research and tool development, both internally and across the broader security community
• Translate that research and tool development into internal and externally facing output, such as blog posts, conference talks and open-source tool releases.

We are recruiting at all grades, and would particularly welcome applications from:

• Cloud engineers looking to make the shift into security
• Systems administrators and developers with experience developing and maintaining production workloads
• Those looking to make the move into cybersecurity from other fields

Why join us?

Our goal is to make WithSecure a stellar place to start or grow your career in cloud security, and we provide many benefits to support that.

• 1 to 1 coaching and tutorship sessions led by seasoned and well-respected professionals.
• Access to our state-of-the-art bespoke training platform, which covers a wide range of security topics.
• Classroom-based proprietary internal training courses, with the opportunity to attend external training courses and security conferences paid for by the company.
• Support and funding to attain accreditations and certifications such as (but not limited to) those offered by the cloud providers, CKA, CKS, OSCP, OSEP, CRT, CPSA, GIAC. Certifications are up to you though, they are not a barrier to entry, and they aren't a mandate for our people as they progress either.

We are also keen supporters of independent security research and support all interested consultants in pursuing research projects on bleeding edge technologies on company time. This comes with the support of more experienced security researchers in the business to help you make those projects a success. Some previous examples of consultant research in the cloud space include:

• Novel Azure AD attacks presented at fwd:cloudsec
• Attack detection in the cloud at fwd:cloudsec, RSA Conference, DEF CON Cloud Village, t2 and others
• Common Kubernetes attack paths at DEF CON Cloud Village

Who would be a great fit

We are looking for someone with a strong background in either security or engineering real-world cloud workloads. This will translate to a minimum of 2-3 years of experience in securing, deploying, architecting or developing cloud related systems and solutions on AWS, Azure or Google Cloud.

Whilst it is not expected that you would be familiar with every service offering from a given provider, a level of competency is expected with core concepts, such as Identity and Access management (IAM), Infrastructure-as-Code (IAC), continuous integration and continuous delivery (CI/CD), as well as containerisation.

Other qualities we will be looking for include:

• Passion for information security, particularly as related to the major cloud platforms
• Innovative and solution-focused mindset and the ability to challenge existing approaches to information security
• Excellent communication skills to both technical and senior-management audiences, being able to translate complex technical issues to comprehensible solutions
• A willingness to travel to visit clients or our other office locations on occasion, pandemic permitting.

Bonus Points

If you hold or have done any of the below, they will be looked upon favorably during the application process. They are in no way required for your application to be successful, however.

• Experience with multiple cloud providers, or with Kubernetes
• Previous consulting experience
• Deep understanding of security principles, and/or a history of security-focused work
• Understanding of modern DevOps concepts and workflows such as Infrastructure as Code and CI/CD. Knowledge of tooling in use such as any of the following (or similar) tools: Terraform, CloudFormation, Docker, Jenkins, HashiCorp Sentinel, GitHub/Gitlab
• Certifications from major cloud providers (AWS, Azure, GCP) or the Cloud Native Computing Foundation (CNCF), or security certifications such as OSCP, OSCE, GIAC, CISSP or the CSA CCSK.
• Scripting and software development experience, especially were evidenced with contributions to open-source projects
• Blog posts or published research on cloud security or modern CI/CD challenges or security issues.