Avensys is a reputed global IT professional services company headquartered in Singapore. Our service spectrum includes enterprise solution consulting, business intelligence, business process automation and managed services. Given our decade of success we have evolved to become one of the top trusted providers in Singapore and service a client base across banking and financial services, insurance, information technology, healthcare, retail and supply chain.
We are currently looking to hire a Cloud Engineer. This is an exciting opportunity to expand your skill set, achieve job satisfaction and work-life balance. More details as below.
JOB TYPE
Long Term Contract
ROLES AND RESPONSIBILITIES
- Support agency in new cloud related projects implementation.
• Assist agency in reviewing access rights, and accounts control in cloud.
• Review and resolve the vulnerabilities reported from scan and/or GCC alerts.
• Provide consultancy to new projects to onboard AWS cloud services.
• Review existing projects to streamline the services and maintain cost efficiency.
• Strengthen the security posture of existing cloud infrastructure and propose enhancement.
• Raise service request to BAU Operations Team for in-scope cloud related tasks.
• To support and maintain AWS S3 Buckets and other AWS Storage services such as FSX.
• To support Trend Micro CloudOne Workload and Endpoint Security / AMHIPS as part of Agency Anti-Virus/ Anti-Malware system.
• To support and maintain ABLR Heavy Forwarder (CTS Services) as part of Agency Audit Logging requirement.
• To support Agency GCC Infrastructure using DevOps process or tools such as Terraform or AWS CloudFormation.
• To support Audit and security compliance activities.
• Work with BAU team, System Engineers, Cloud Engineers, and DBA to support and maintain agency GCC environment.
• To support and maintain Central Account Management (CAM) servers (CTS Services) as part of Agency Audit requirement.
• To support Disaster Recovery exercises.
Scope of Work Details for support in AWS
1. Compute Services
1.1 Engineer shall perform any or all the following system administration tasks relating to compute services in the GCC environment, as may be required by the Customer:
(a) Deploy and manage virtual instances such as Amazon EC2
(b) Configure virtual instance perimeters such as the number of CPU/RAM, CPU and size of storage
(c) Deploy and manage virtual instances bootstrap script provided by the Customer
(d) Create virtual instance images such as Amazon Machine Image
(e) Manage and maintain Amazon Web Services (AWS) security group
Engineer shall perform other system administration tasks that are not specified but are related to compute services in the GCC environment.
2. Network Services
2.1 Engineer shall perform any or all the following system administration tasks relating to network services in the GCC environment, as may be required by the Customer:
(a) Create and manage virtual private cloud network such as AWS Virtual Private Cloud (VPC)
(b) Manage and maintain DNS records using cloud native tools such as AWS Route 53
(c) Manage and maintain load balancer such as AWS Network/Application Load Balancer (NLB/ALB)
(d) Deploy, manage and maintain content delivery network such as AWS Cloud Front
(e) Implement virtual private cloud peering, establishing private links with virtual private cloud endpoints, Elastic Network Interface (ENI), Elastic IP, Internet Gateway, IP block reservation, Security Group, Network Access Control List (NACL), Virtual Networks, web application firewall and enhanced networking.
3. Storage Services
3.1 Engineer shall perform any or all the following system administration tasks relating to storage services in the GCC environment, as may be required by the Customer:
(a) Create object storage buckets using cloud native tools such as Amazon S3
(b) Configure the object storage buckets such that they are secure and private
(c) Provision block storage disk for virtual server’s disk using cloud native tools such as Amazon Elastic Block Storage (EBS)
(d) Manage and maintain file storage quota and access permission using cloud native tools such as AWS Elastic File System (EFS)
(e) Setup life cycle management policy from object storage to archive storage using cloud native tools such as Amazon Glacier
(f) Perform object storage version control, security and encryption
(g) Manage and maintain object storage static website on server-less configuration.
3.2 The Contractor shall perform other system administration tasks that are not specified but are related to storage services in the GCC environment.
4. Security and Identity Services
4.1 Engineer shall perform any or all the following system administration tasks relating to security and identity services in the GCC environment, as may be required by the Customer:
(a) Setup Identity and Access Management (IAM) according to the requirements specified by the Customer, using tools such as AWS IAM
(b) Setup and manage encryption keys according to the requirements specified by the Customer, using tools such as AWS Key Management Service (KMS)
(c) Setup and manage threat detection systems according to the requirements specified by the Customer, using tools such as Amazon Guard Duty
(d) Setup web application firewall (WAF) according to the requirements specified by the Customer, using tools such as AWS WAF
(e) Setup native cloud compliance tools according to the requirements specified by the Customer, using tools such as AWS Config
4.2 Engineer shall perform other system administration tasks that are not specified but are related to security and identity services in the GCC environment.
5. Backup and Recovery Services
5.1 Engineer shall perform any or all the following system administration tasks relating to backup and recovery services in the GCC environment, as may be required by the Customer:
(a) Perform backup and recovery using cloud native tools such as AWS EBS snapshot, Azure Recovery Service Vault
(b) Create machine images for backup using cloud native tools such as Amazon Machine Image
5.2 The scope of backup and recovery services shall cover any or all the following components of the Customer’s system in the GCC environment, as may be specified by the Customer:
(a) Operating systems
(b) Applications
(c) Databases
(d) User and application data
(e) System configurations.
5.3 Engineer shall perform other system administration tasks that are not specified but are related to backup and recovery services in the GCC environment.
6. System Monitoring Services
6.1 Engineer shall perform any or all the following system administration tasks relating to system monitoring services in the GCC environment, as may be required by the Customer:
(a) Setup and configure cloud native monitoring according to the requirements specified by the Customer, using tools such as AWS CloudWatch
(b) Setup and configure cloud native application logging according to the requirements specified by the Customer, using tools such as AWS CloudWatch
(c) Setup and configure cloud native Cloud Service Provider (CSP) activity logging according to the requirements specified by the Customer, using tools such as AWS Cloudtrail
6.2 The scope of system monitoring services shall cover any or all the following aspects, as may be specified by the Customer:
(a) CPU utilisation
(b) Memory and swap space utilisation
(c) Memory page scanning rate
(d) Disk space utilisation
(e) Errors generated in the system logs
6.3 The Contractor shall perform other system administration tasks that are not specified but related to system monitoring services in the GCC environment
7. Patch Management
7.1 As part of providing TFM Services for the Customer’s system hosted in the GCC environment, Engineer shall perform the monthly patching and ad-hoc vulnerability scan and remediation
WHAT’S ON OFFER
You will be remunerated with an excellent base salary and entitled to attractive company benefits. Additionally, you will get the opportunity to enjoy a fun and collaborative work environment, alongside a strong career progression.
To submit your application, please apply online or email your UPDATED CV in Microsoft Word format to [email protected]. Your interest will be treated with strict confidentiality.
CONSULTANT DETAILS
Consultant Name: Keerthana Ramakrishnan
Avensys Consulting Pte Ltd
EA License 12C5759
Privacy Statement: Data collected will be used for recruitment purposes only. Personal data provided will be used strictly in accordance with the relevant data protection law and Avensys' privacy policy.
