Cloud Security Engineer

We are seeking a Cloud Security Specialist to join our team and play a pivotal role in safeguarding our cloud infrastructure and ensuring compliance with industry standards., * Design, implement, and maintain security controls across cloud infrastructure to protect against vulnerabilities and ensure robust cloud security architecture.

• Advise the development team on cloud security best practices and secure cloud architecture principles for complex projects.
• Conduct threat modelling exercises to identify and assess potential security risks within IASME networks and cloud environment.
• Perform regular testing and validation of security controls to ensure effectiveness and compliance with security standards.
• Ensure compliance with GDPR and other relevant data protection regulations, implementing necessary controls and conducting regular compliance assessments.
• Conduct in-depth security reviews of software applications and cloud services.
• Contribute to the preparation and maintenance of security certifications, including Cyber Essentials and other relevant cloud security certifications.
• Assist in the development and delivery of internal security training programs.
• Serve as a key member of the Cyber Incident Response Team, supporting the Incident Manager as an Incident Handler.
• Stay informed about emerging security threats, vulnerabilities, and attack methods, and proactively recommend strategies to address them.
• Assist in the development and maintenance of security documentation to ensure consistent and effective cloud security operations.
• Other duties as may from time to time be required by the company.

Do you have experience in NIST standards?, * AWS Certified Security - Specialty certification (mandatory).

• Proven experience in cloud security architecture, specifically within AWS environments.
• Strong technical expertise in AWS security services including IAM, CloudTrail, GuardDuty, Security Hub, Cognito, WAF, and KMS.
• In-depth knowledge of cloud security principles, techniques, and protocols.
• Strong understanding of GDPR requirements and experience implementing data protection controls in cloud environments.
• Knowledge of threat modelling methodologies and risk assessment frameworks.
• Strong proactive approach to identifying and addressing security risks.

Competencies Desired

• Understanding of network and web-related technologies, as well as common attack methods and mitigation strategies in cloud environments.
• Excellent problem-solving and analytical skills, with a strong attention to detail.
• Ability to troubleshoot complex issues and work independently under minimal supervision.
• Strong communication skills, both written and verbal, with the ability to convey technical concepts to non-technical stakeholders.
• Understanding of Cyber Essentials, Cyber Essentials Plus, and other security certifications.
• Familiarity with industry frameworks and standards such as ISO 27001, NIST, or CIS Controls.

IASME is a cyber security certification company based in the beautiful Malvern Hills, with offices in Belfast and Dalgety Bay, near Edinburgh. We work with over 900 cyber security experts to help organisations improve and demonstrate their cyber security. We also certify connected devices and ships of all sizes around the world. Through the Civil Aviation Authority's ASSURE scheme, we help the aviation industry manage their cyber security risks. At IASME, we pride ourselves on being a welcoming and inclusive workplace. We value the unique skills and experiences that people of all ages and backgrounds bring to our team. We also support parents returning to work after taking time off to raise children. This role offers a mix of working from home and in the office. You will need to come to our Malvern office at least one day a week. A BPSS (Baseline Personnel Security Standard) check will be required for this role.