Healthcare Commercial Cloud (HCC) is a commercial cloud platform operating in AWS and Azure with customized infrastructure to support healthcare staff and organisations. HCC enables healthcare organisations to leverage on commercial cloud services while ensuring security compliances are met.
The Lead Engineer is expected to apply extensive technical knowledge and hands-on skills in commercial cloud (AWS and Azure) to develop, deploy, and managed hybrid/multi cloud security technologies and services aligned with business objectives, security, and compliance requirements.
Roles and Responsiblities:
- Design, develop, and operate cloud security technologies, solutions, and services in HCC AWS and Azure in accordance with the relevant Healthcare cloud security policies and standards, cloud architecture standards and guidelines.
- Experienced in operating cloud security technologies / services provided natively in AWS such as Security Hub, Inspector, Guarduty, Cloudwatch, AWS Config, Control Tower, various AWS Policies, Security Group, NACL, Detective, Systems Manager, trusted advisor, and in Azure such as Defender for Cloud, various Defender Plans, Log Analytics Workspace, Azure Policy, Network Security Group, key vaults, Sentinel.
- Experienced in managing ICT security risk, operations, and incident to achieve system confidentiality, integrity, and availability.
- Actively monitor security score in AWS and Azure, review number of non-compliances / findings, come up with remediation plan, and perform remediation together with other team members.
- Promptly validate, mitigate, and remediate all vulnerabilities identified in HCC AWS and Azure in accordance with the timeframe stipulated inside Healthcare Policy.
- Develop the ability to promptly detect, monitor and respond to malware alerts, unauthorized changes / suspicious / malicious activities within HCC AWS and Azure.
- Perform risk assessment, identify risk scenarios, assess the consequent risks, assign risk ratings, determine the controls to mitigate the risks, and assess the effectiveness of the controls implemented.
- Develop and maintain internal and external documentations such as security SOPs, handbooks, KBs, user guides / playbooks.
Requirements / Qualifications
- Minimum 8 years of hands-on experience with a strong technical knowledge in the 2 or more of the following areas in AWS and Azure. Those with more experiences will be considered for senior lead engineer role.
- Networking and perimeter protection: Firewall, NAT, Internet Gateway, WAF, NIDPS, DDoS protection, Proxy, secure DNS, transit gateway, peering, load balancer, VPC/VNet, AZ, IP address management.
- Workload management & operation: backup & recovery, endpoint protection, vulnerability management, patch management, key management, cert management, secret management, logs and alerts management, virtualization, storage, and databases.
- Identity & access control, directory services, account & access management
- Policy management, Governance, compliance, and data privacy
- Hold at least 1 advanced cloud-based security certification such as Certified AWS Security Specialty, Azure Solutions Architect Expert certification. Having other cybersecurity certifications such as CISM, CISSP, CEH, TOGAF, or SANS certificates would be a plus.
- Strong understanding on cloud security and have experience designing and implementing defense strategies on commercial cloud (AWS and Azure).
- Strong knowledge and experience in AWS and Azure Well Architected Framework, best practices, and Application Infrastructure Architecture Standard (AIAS). Specific experience in government / healthcare sector is a plus.
- Familiar with NIST Cybersecurity Framework and able to apply it into commercial cloud environment (AWS and Azure).
- Familiar with ITIL practices such as change management, configuration management, service management, incident management, problem management.
- Familiarity with cloud technologies such as CSPM, CWPP, CNAPP, DSPM, CMP, CIEM and other security solutions such as DLP, EDR, DAM.