We're looking for a dedicated AWS Cloud Security Engineer to ensure the highest quality in terms of security and compliance for our Simcenter X SaaS applications, primarily hosted on AWS. You will also play a key role in the overall security posture of the broader Simcenter X product range. The SaaS Security Operations Team is crucial to safeguarding the security and operational efficiency of our SaaS organization. We are seeking a dynamic professional to join our international SecOps team as an AWS Cloud Security Engineer. You will be one of the "guardians" of our software value, playing a meaningful role in identifying and addressing potential security threats through advanced threat modeling and conducting thorough penetration testing across our AWS-native systems, web applications, and APIs. This role will be pivotal in proactively safeguarding our cloud perimeter and continuously enhancing our security posture.
Must-have: We need candidates who already have experience in AWS Cloud Security and threat modeling.
Nice-to-have: Practical experience in performing penetration tests on APIs and web applications.
Skills & Abilities:
------------------------
Proactive in your day-to-day work and engaged with multiple teams, you are a strong team player and creative problem solver who can work with multi-cultural, dispersed technical teams and contribute to the success of our solutions by:
* Performing Threat Modeling using frameworks like STRIDE to identify, prioritize, and mitigate potential security risks within our AWS cloud architecture and SaaS applications.
* Collaborating closely with development, DevOps, and infrastructure teams to integrate threat modeling into the design and development lifecycle of cloud-native solutions.
* Conducting hands-on penetration testing specifically focused on web applications and APIs deployed within AWS environments, to uncover vulnerabilities and exploit paths.
* Analyzing vulnerabilities reported from automated security tools (e.g., SAST, DAST, cloud security posture management tools) or third parties to assess their exploitability and potential impact on our AWS infrastructure and applications.
* Supporting the resolution of security incidents, including Root Cause Analysis (RCA), containment, and recovery, in collaboration with the wider security organization and AWS incident response best practices.
* Creating and maintaining a library of test cases and attack simulations specifically tailored for AWS cloud environments, web applications, and APIs for continuous testing.
Qualifications:
-------------------
* Have proven experience in offensive security, penetration testing, or ethical hacking, with a strong focus on web applications and APIs.
* Have a strong background in performing STRIDE or other threat modeling methodologies, ideally applied to cloud-native architecture.
* Have demonstrated the ability to uncover vulnerabilities in complex applications and infrastructures, with specific experience in AWS services and configurations.
* Are proficient in penetration testing tools like Burp Suite, Metasploit, Nessus, Nmap, and have experience with tools relevant for cloud security assessments.
* Have knowledge of scripting languages such as Python, Bash, or PowerShell for creating test scenarios, automation, and custom tools, especially for interacting with AWS APIs.
* Have a strong understanding of AWS security services (e.g., IAM, Security Groups, NACLs, WAF, GuardDuty, CloudTrail, Config) and their practical application in securing cloud workloads.
* Are familiar with common web application and API security vulnerabilities (e.g., OWASP Top 10, API Security Top 10) and their exploitation/mitigation.
* You can understand complex products, solutions, and issues within an AWS context and are able to report consistently, concisely, and effectively on our SaaS Security posture to the various stakeholders, allowing for management prioritization, investment, and reporting.
Interview Process
---------------------
* 2 Technical Rounds