Cloud Security Consultant

Job Description

WithSecure delivers research-led cyber security to defend organizations, society and people from real-world attacks and build resilience into their approach. Our people are a mix of technical and creative experts – diverse, talented, and passionate people – working tirelessly to help us advance the industry with new ways of thinking. They lead their own development, in and out of the office. They call the shots when it comes to building a place to call home in our organization.

We solve complex cyber-security problems on daily basis and encourage our team to push the boundaries of what is possible! In addition to their work supporting our clients, our consultants get involved in a variety of exciting external and internal research projects - investigating new software, services, hardware, or protocols, or developing new tools and techniques.

Key Responsibilities

• Provide tailored, pragmatic security advice at any level within a client’s organization to support their business objectives.
• Support security solutions implementation and secure development lifecycle improvement within our clients
• Collaborate with other consultants and client staff on cloud security projects to improve a client’s security posture.
• Design programmes of work for our clients to meet their security objectives and provide pre-sales support to help win projects.
• Maintain and enhance the internal cloud testing methodologies
• Contribute to research and tool development, both internally and across the broader security community
• Translate that research and tool development into internal and externally facing output, such as blog posts, conference talks and open-source tool releases.

What are we looking for?

We’re looking for someone who’s a fast learner, who gets excited by getting stuck into new tools and technologies, and who enjoys applying their experience to new problem spaces. You’ll have experience overcoming engineering challenges, helping the business make sensible compromises to achieve the core business objectives and collaborate with others to achieve that.

As part of your role, you’ll be working alongside a passionate and dedicated team, including collaborating on new and exciting projects you’ll also have the freedom to explore your own personal research projects on bleeding edge technologies.

To succeed, you will be required integrate with a client team, analyse large complex cloud environments to identify vulnerabilities, and how to architect and implement secure systems in the cloud. You will also be required to have in-depth technical knowledge of AWS.

Whilst it is by no means expected for the candidate to be familiar with every service offering from a provider, a level of competency is expected with core concepts, such as IAM, storage, networking, compute, databases and containerisation. Experience with DevOps related technologies such as Infrastructure as Code CI/CD tooling would also be beneficial.

Bonus points

Any of the below will be a bonus, but are not required:

• Previous consulting experience
• Deep understanding of security principles, and/or a history of security-focused work
• Understanding of modern DevOps concepts and workflows such as Infrastructure as Code and CI/CD. Knowledge of tooling in use such as any of the following (or similar) tools: Terraform, CloudFormation, Docker, Jenkins, Hashicorp Sentinel, Github/Gitlab
• AWS Cloud certifications, for instance AWS Solutions Architect Associate/Professional or AWS Certified Security Specialty
• Other security industry specific technical accreditations such as OSCP, OSCE, GIAC, CISSP.
• Contributions to open-source projects, especially if security or AWS focused.
• Scripting and programming language expertise, such as bash, python, Go or other
• Blog posts or published research on cloud security or modern CI/CD challenges or security issues

What will you get from us

We will invest in your development, by offering you a variety of training and tools in the areas you are particularly interested in:

• 1 to 1 coaching and tutorship sessions led by seasoned and well-respected professionals.
• Access to our state-of-the-art bespoke training platform.
• You will also receive classroom-based learning sessions and be given the opportunity to attend external training courses and security conferences.
• We will also fund accreditations and certifications such as (but not limited to) those offered by the cloud providers, OSCP, OSEP, CRT, CSPA, GIAC. That's up to you though, certifications are not a barrier to entry, and they aren't a mandate for our people as they progress either.