Associate Cloud Security Consultant

Job Description

We are looking for associate Cloud Security Consultants to join our consulting team in delivering cloud-focused security services to our clients. We welcome applications from candidates of all backgrounds who are looking to shift their careers towards cybersecurity, but especially those with prior experience with cloud technology, as systems administrators, or software developers. If you have more experience, you may be a better fit for our experienced cloud consultant role https://emp.jobylon.com/jobs/1...

The Role

As a member of the cloud consulting team at WithSecure, you will:

• Work with our clients at a range of levels across their organization to provide tailored advice on securing their fast-moving, cloud native environments.
• Deliver hands-on security consultancy for WithSecure' s clients, including technical assessments of cloud workloads, architecture reviews, report writing and presentations.
• Help to design programmes of work for our clients to meet their security objectives, and provide pre-sales support to help win projects.

In addition, successful consultants support the business in areas beyond delivery of client work. That may include one or more of the following;

• Contributing to research and tool development, both internally and across the broader security community
• Translate that research and tool development into internal and externally facing output, such as blog posts, conference talks and open-source tool releases.
• Maintaining and enhancing our internal cloud testing methodologies and tools.

Why join us?

Our goal is to make WithSecure a stellar place to start or grow your career in cloud security, and we provide many benefits to support that.

• 1 to 1 coaching and tutorship sessions led by seasoned and well-respected professionals.
• Access to our state-of-the-art bespoke training platform, which covers a wide range of security topics.
• Classroom-based proprietary internal training courses, with the opportunity to attend external training courses and security conferences paid for by the company.
• Support and funding to attain accreditations and certifications such as (but not limited to) those offered by the cloud providers, CKA, CKS, OSCP, OSEP, CRT, CPSA, GIAC. Certifications are up to you though, they are not a barrier to entry, and they aren't a mandate for our people as they progress either.

We are also keen supporters of independent security research, and support all interested consultants in pursuing research projects on bleeding edge technologies on company time. This comes with the support of more experienced security researchers in the business to help you make those projects a success. Some previous examples of consultant research in the cloud space include:

• Novel Azure AD attacks presented at fwd:cloudsec
• Attack detection in the cloud at fwd:cloudsec, RSA Conference, DEF CON Cloud Village, t2 and others
• Common Kubernetes attack paths at DEF CON Cloud Village

Who would be a great fit:

We are looking for someone with a strong background in either security or engineering real-world cloud workloads. We’re looking for driven, inquisitive people looking to start their career in security, or to shift into the security world from previous backgrounds.

• Demonstrable technical knowledge in one or more of the following areas: AWS, Azure, Google Cloud, Kubernetes. Ideally, this will be demonstrated through either work experience, open source contributions or other projects.
• Passionate about information security, particularly as related to the major cloud platforms
• Innovative mind-set and the willingness to challenge existing approaches to information security
• Excellent communication skills, including written and spoken English, and able to communicate to both technical and senior-management audiences

We are recruiting at all grades, and would particularly welcome applications from:

• Cloud engineers looking to make the shift into security
• Systems administrators and developers with experience developing and maintaining production workloads
• Those looking to make the move into cybersecurity from other fields, especially analytical, scientific or data-driven disciplines.

Bonus Points

If you hold or have done any of the below, they will be looked upon favourably during the application process. They are in no way required for your application to be successful, however.

• Experience with multiple cloud providers, or with Kubernetes
• Previous consulting experience
• Understanding of security principles, and/or a history of security-focused work
• Understanding of modern DevOps concepts and workflows such as Infrastructure as Code and CI/CD. Knowledge of tooling in use such as any of the following (or similar) tools: Terraform, CloudFormation, Docker, Jenkins, HashiCorp Sentinel, GitHub/Gitlab
• Certifications from major cloud providers (AWS, Azure, GCP) or the Cloud Native Computing Foundation (CNCF), or security certifications such as those from Offensive Security, CREST and similar.
• Contributions to open-source projects, especially if security focused.
• Scripting and software development experience, such as with Python, Go or other