Cloud Security Engineer

Company:

Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 60,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.

Descriptions:

In this role, you will join a team of six members from Sopra Steria to support one of our government projects. The scope of work includes:

1. Security Risk Assessment
2. Security Policies, Standards, Guidelines, And Procedures Review
3. Security Design
4. Application Security
5. Vulnerability assessment and
6. System Security Acceptance Testing

You will be an expert in the field of Cloud Security.

Responsibilities:

• Perform risk assessment for Cloud Computing Environment and Service covering minimally the following areas:

1. Strategy & governance (e.g., redundancy measures, cloud service provider’s security or audit certification)
2. Identity management (e.g., authentication and authorisation (including administrative and developer access control and least privilege))
3. Data protection (e.g., data at encryption at rest and in-transit, communication channels (TCP traffic, API calls, different compartments), data segregation, and portability)
4. Infrastructure (e.g., backup, compute resource handling, and hybrid model)
5. Cloud resilience (e.g., isolation failure, service termination or failure, security alerting & monitoring, capacity management, logging); and vi. Cloud application and configurations (e.g., micro services - containers, serverless platforms, clouds Native tools used).

• Develop and review security design(s) that integrates:

1. Identify logical architectural elements such as the logical flow of control, and the relationship between the elements (e.g., the trust boundary between various services and components deployed at cloud services);
2. Identify physical or virtual architectural elements to build the architecture (e.g., security mechanism such as Firewall, access control, authentication);
3. Select security services such as hardware-related, Software-related, cloud related (e.g., Native cloud service, security mechanisms available for authentication, token management, authorization, encryption methods (hash, symmetric, asymmetric), encryption algorithms and security event logging);
4. Create an architecture design which allows all elements to be integrated to fulfil requirement; and
5. Implement the treatment actions committed during risk assessment.

Requirements:

• Minimum of 3 years of experience in Cloud Security (AWS will be advantageous)
• Fluent in spoken and written English
• Ability to work closely with international team in a professional manner
• Excellent verbal and written communication skills, including ability to solve complex technical situation and explain it clearly.

Benefits:

• Regular team buildings
• 18 leave days / year
• Health, Dental and Optical Insurance
• Annual bonus
• Working hours: from 8:30am to 6pm, Monday to Friday
• Trainings and certifications bonus