Security Cloud Engineer

Purpose 

As a member of the Cloud Security team, you will be building upon the managed services, APIs and expertise of Amazon Web Services. You will be working alongside other infrastructure teams to design, deliver, automate and operate at scale all the security tools required to protect our AWS Cloud Platform which hosts all our business-critical applications. 

The team plays a critical role in providing Cloud Security Infrastructure products and services to teams in Engineering Productivity and more widely to Ocado Technology.

You'll enjoy being part of the team if you like: 

• learning fast (through experimentation, self-motivation etc);
• being autonomous but able to collaborate (sharing knowledge is important to us);
• craftsmanship and innovation (we never stop questioning how we can be better). 

In terms of career progression and future prospects, this role offers tangible opportunities to contribute to forging the Cloud Security strategy for the years to come, to work with and influence directly senior stakeholders and more tactically to drive the team’s agenda forward.

You may be asked to perform tasks as required by management deemed as a reasonable request. This job description is a summary of the typical functions of the role, not an exhaustive or comprehensive list of possible role responsibilities, tasks and duties and is subject to review. The responsibilities, tasks and duties of the job holder might differ from those outlined in the job description and other duties, as assigned, might form part of the job. 

The role is fully remote within countries where we have Development Centres i.e. UK, Poland, Bulgaria, Spain, Greece, or Sweden.

Department

The Engineering Productivity division provides tooling and engineering practice frameworks to all software development teams in Ocado to improve productivity and effectiveness. 

Key Responsibilities

In the role you will:

• Own, configure  and operate a portfolio of Security related products deployed on hundreds of production environments
• E.g. AWS WAF, AWS Guard Duty, AWS Inspector, AWS IAM, AWS Firewall Manager, AWS CloudTrail, etc
• Identify gaps in our security posture and capture them in well-described RFCs that can later be picked up by Product Management
• Identify and adopt best-in-class Perimeter Security Protection systems (e.g. IDS/IPS, WAF, DDoS Protection, etc)
• Identify and adopt best-in-class Security information and event management (SIEM) systems to analyse logs for suspicious activity and create alerts
• Providing advice, training and mentoring to other infrastructure teams in areas where our AWS Security posture can be improved - e.g. resolving security-related support tickets (SIM)
• Champion, plan and implement Security Compliance policies (e.g. SOC-2, PCI, etc) and kitemarks
• Stay current with security-related Cloud Technologies, including emerging trends, best practices, commonly adopted security strategies, and popular security-related third-party solutions.
• Supporting production systems on Security-related vulnerabilities as required, outside of standard working hours and participating in 24x7 on-call rota.

Knowledge, Skills and Experience

Essential

• One or more of the following  cyber-security competencies
• Threat detection, vulnerabilities, security operations, encryption, boundary defence, authentication and risk management.
• Knowledgeable of the most common attack vectors, OWASP Top 10,  TTPs and Mitre ATT&CK framework.
• Good understanding of well-known protocols and networking concepts: TCP/IP, HTTP/S, DNS, SSH.
• Demonstrable experience with network and system security tools in the Cloud, including network firewalls, Data Protection technologies, Security Information Event Management,  intrusion detection systems and intrusion prevention systems, vulnerability scanning, encryption, monitoring and developing technical engineering artefacts.
• One or more of the following cloud engineering competencies
• Able to participate in all aspects of the software development lifecycle (SDLC) when implementing cloud solutions on infrastructure platforms (AWS preferred)
• Capable of writing, maintaining and testing code as IaaC (i.e. CloudFormation, Terraform, CDK, etc.)
• Experience with some of the following: Identity and Access management, Runtime environments, Network systems, Database and Storage technologies, etc.
• Practical experience with enterprise-scale test-first software development (e.g. Python)
• Some experience with Security compliance (e.g. AWS Config, etc.)
• The inclination and ambition to “Automate Everything”, document what is done and produce an easy-to-follow audit trail
• Used and have knowledge of common build tools, repositories and CD/CI tooling.
• Excellent written and verbal communication skills.

Kudos if you have

• Some level of experience in some of the following areas:
• Vulnerability Detection systems (e.g.  AWS Security Hub, AWS Guard Duty, AWS Inspector, Cloud Trail, AWS Trusted Advisor, etc )
• Cloud Infrastructure Protection strategies (e.g. WAF, AWS Shield, AWS Firewall Manager, AWS Organisations: Service Control Policies, AWS Network Firewall, etc)
• Cloud Infrastructure Incident response (e.g. Shield Advanced, etc)
• Technically proactive in setting the technical direction, driving delivery and continuous improvement
• Friendly go-to person on Cloud Security related topics, with deep expertise and strong problem solving and ability to knowledge share
• Able to mentor and coach less experienced team members
• Strong sense of collaboration both within the team and across the organisation
• Knowledge of SCRUM or other Agile methodologies

Benefits

• Permanent Contract
• Multi-Sport Card
• Medical Insurance
• Life assurance
• Lunch Vouchers
• Training and Development opportunities

Please let us know in your application if you need any special adaptations for the selection process. At Ocado Barcelona we adapt our selection processes to our candidates.

Ocado is an equal opportunities employer and as such makes every effort to ensure that all potential employees are treated fairly and equally, regardless of their sex, sexual orientation, marital status, race, colour, nationality, ethnic or national origin, religion, age, disability or union membership status.

Be bold, be unique, be brilliant, be you. We are looking for individuality and we value diversity above gender, sexual orientation, race, nationality, ethnicity, religion, age, disability or union participation. We are an equal opportunities employer and we are committed to treating all applicants and employees fairly and equally.

#LI-REMOTE #LI-OT #LI-YH1