International Data Group is Looking for Cloud Security Engineer at Bangalore Full Time

IDC is seeking a Cloud Security Analyst reporting to our CyberSecurity Director in IDG Corporate IT, who will serve as a cloud security expert, integrating sound practices from Identity and Access management, monitoring, platform standards, network segmentation and interconnection, encryption, and more into the cloud platforms. They will guide technology decisions to reflect approved security architectures, business impact and exposures, emerging threats, vulnerabilities, regulatory requirements, and risks.

Why IDC?

IDC is the most respected global technology market research firm.  We are changing the way the world thinks about the impact of technology on business and society. Our people, data, and analytics create global technology insights that accelerate customer success. IDC was recognized by the Institute of Industry Analyst Relations (IIAR) as the 2022 Analyst Firm of the Year for the third consecutive year, for delivering critical, timely insights in coordinated efforts around the world, during a time when our customers faced unprecedented challenges.

Our collaborative, innovative and entrepreneurial culture is the perfect place for you to discover your future! We are just getting started! 

• Serve as a technical subject matter expert and thought leader in cloud services security and develop, maintain, and improve a comprehensive security architecture to ensure the integrity, confidentiality, and availability of information assets

• Define and document baseline security configuration standards and security reference architectures for Cloud services (initially AWS and Azure) and follow them from initial idea to completion and governance. Apply CIS (Center for Information Security®) and other industry standards to cloud services

• Define and implement security controls (including network security, identity and access management, security monitoring and least privilege access controls) for cloud infrastructure platforms (Azure, AWS). Align controls with National Institute of Standards and Technology (NIST) recommendations including NIST CSF and NIST 800-53

• Coordinate the implementation of security standards for common Commercial off-the-shelf (COTS) applications and services within Cloud, determine design solutions for log aggregation and SSO/SAML integrations

• Provide analytical review for Information Security Architecture Risk Assessments associated with Cloud platforms with the goal of ensuring appropriate security controls are in place to address risks and threats

• Implement new toolsets related to cloud security, as well as automation and continuous development of cloud security processes, both operational and technical. Partner with architects to develop and implement enterprise information security cloud architectures and solutions

• Develop documentation for all facets of Cloud configurations including identity and access management, network segmentation, application security, data protection, encryption, and others. Support security teams

• Participate in designing processes for secure DevOps using solutions for automation including: Github, DAST/SAST code review processes integrated with automated build processes

• DevOps & automation experience (CodePipeline, Terraform, CloudFormation) is a plus

• Good understanding of infrastructure solution concepts (DNS, network LAN/WAN, firewalls, DMZ, encryption in transit, virtualization technologies, active directory, database technologies and encryption at rest, Windows/Linux operating systems, load balancing, PKI and mutual TLS, zero trust architecture)

• Bachelor’s degree or Equivalent Experience will be considered for qualified candidates.

• Minimum of 5 years’ experience in cybersecurity, including cloud security, compliance, and risk management with a background in system and network security analysis

• 2- 3+ Years developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms

• 3+ Years deep and hands-on experience with a Cloud Platform (AWS, Azure, Google, others) is required.

• 3 to 4 years of experience in cybersecurity analysis

• Demonstrated understanding of AWS core services is required, for example: VPC, Transit Gateway, Direct Connect, Subnets/Route Tables, S3, AWS Backup, AWS CloudFormation, AWS Organizations, Service Control Policies, Tagging, CloudWatch, PrivateLink, EC2, RDS, IAM, AWS Secret Manager, Redshift, AWS Config, SecurityHub, Guard Duty, Workspaces, Control Tower

• Demonstrated experience with security processes and technology solutions that align with controls for, SOX Section 404, ISO 27001/2, FISMA or National Institute of Standards and Technology (NIST) 800-53 Rev4 or Rev5 guidelines is required

• Preferred certifications CISSP, CCSP, CISM, and/or other comparable certifications

• CISSP, CRISC, CISA, strongly desired skills

• Information security certificates such as; CEH, CISSP, CCSP (Certified Cloud Security Professional) are desired

• Excellent written and verbal communication skills

• This role can be based out of our Toronto office with a hybrid work environment or remote EST time zone in Canada

About IDC: International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. More than 1,300 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world’s leading technology media, research, and events company.

ID: 2023-4798

Post End Date: 6/15/2023