Cloud Security Architect

IT – Infrastructure
Stellenbosh – Western Cape

OWN, analyse, architect, design and implement Cloud Infrastructure Platforms, Services and Systems in regard to all IT security aspects and security solutions as the next Cloud Security Architect sought by a fast-paced & innovative Financial Institution. The ideal candidate must have 5+ years’ experience in an IT Security-related Architecture role, 4+ years’ experience designing, deploying, and supporting Cloud and / or Infrastructure deployments and its supporting technologies in a medium to large sized organisation with proven experience integrating security solutions and practices in a large-scale environment. You must have expert level proficiency with Windows, Linux, AWS, Azure, IaaS, PaaS, SaaS, Bash/PowerShell, Golang/.Net/Java LDAP, Kerberos, AD, OAuth 2.0, OpenID Connect, SAML.
Design, architect, implement and support of IT Security solutions and supporting infrastructure (cloud / physical / virtual infrastructure, operating systems and supporting software) in alignment with organisational goals and constraints, focusing on the cloud –
  • Design and implementation where strategic and appropriate.
  • Define strategic goals and tactical plans for IT Security solutions and systems.
  • Perform Security Architect peer reviews.
  • Consult on IT Security solutions architecture and Infrastructure Architecture.
  • Conduct research and development (R&D).
  • Document and own security architecture and systems.
  • Document and own security architecture engagement prerequisites (initial and complete).
  • Compile security architecture policies.
  • Compile security architecture standards, patterns and best practices.
  • Own security infrastructure SDLC.
  • Construct a technical roadmap pertaining to a certain technology.
  • Drive innovation by remaining current with technologies in order to enhance products & services offerings to the organisation.
  • Engage with multiple business units on planned infrastructure deployments and investigate deployment and configuration best practices and architectures.
  • Interface with the various IT Architects to understand the technical requirements.
Design, architect, implement and support Cloud Security –
  • Apply cloud security know-how to assist in constructing and developing the roadmap pertaining to Cloud technology.
  • Drive innovation by remaining current with cloud and cloud security technologies to enhance products & services offerings to the organisation.
  • Engage with multiple business units on planned Cloud deployments and investigate deployment and configuration best practices and architectures, focusing on security.
  • Define and document Cloud standards pertaining to infrastructure and security configurations.
  • Provide research and advice on industry best practices, technology, and tools for consideration in the environment.
  • Develop and execute test plans to check technical performance and make recommendations for improvements.
  • Collaborate with stakeholders to drive continuous Improvement of Cloud Security Posture through automation.
  • Work closely with Cyber Security, Data Governance and Infrastructure Security teams to ensure Capitec’s cloud environment adheres to regulatory requirements and complies with the bank’s own security & risk standards.
  • Engage with vendors / suppliers / business partners for the design and implementation of cloud security solutions as needed.
  • Design and build out new cloud security solutions that meet the technical requirements and align with, but not limited to:
    • Information security and governance frameworks
    • Regulatory compliance
    • High availability strategy
    • Scalability and capacity planning
  • Review and analyse the cloud security landscape and improve and optimize current cloud implementations for continuous improvement and the assurance of technical safeguards for requirements.
  • Responsible for document designs, specifications, and implementations for cloud security.
  • Create detailed planning and implementation documentation, enhancing current standards and quality.
  • Prepare hand-over documentation and document support processes to stakeholders.
  • Liaise with stakeholders to plan the execution of deliverables according to implementation documentation.
  • Provide technical cloud security support to divisions ensuring effective and efficient handover.
  • Where required, perform the implementation of more complex deployments.
  • Responsible for post implementation handover (or implementation) review and learnings for future reference and improvements.
  • Document Standard Operating Procedures (S.O.P’s) and upkeep of general documentation.
  • Ensure compliance by auditing current requirements and plan for future enhancements and requirements.
  • System and software compliance using implemented standards, industry standards and best practises within information security and regulatory requirements.
  • Configuration management using on premise as well as cloud native tools. This will involve creating and maturing standards for new cloud security deployments and estate management.
  • Create accurate management reporting information with regards to cloud security costs, usage, constraints and risks.
  • Forecast the growth in cloud security requirements. Recording and reporting on current usage as well as trending for future requirements.
  • Service availability using monitoring and alerting tools.
  • Perform 3rd level support for the resolution of critical infrastructure related issues.
  • Participate in knowledge sharing.
  • Grade 12 / Matric.
  • Ideally have –
    • A relevant 3-year Degree / Diploma in IT.
    • ITIL Foundation Certification.
    • Industry Security Certification.
    • Virtualization Certification
    • Cloud Security Certification.
    • A relevant tertiary qualification in Information Technology (e.g., Microsoft Certified Azure Solutions Expert, AWS Solutions Architect, AWS DevOps Engineer, AWS SysOps Administrator, VCP-DCV, VCP-CMA).
Minimum experience –
  • 5+ Years’ experience in an IT Security-related Architecture role.
  • 4+ Years’ experience designing, deploying, and supporting Cloud and / or Infrastructure deployments and its supporting technologies in a medium to large sized organisation.
  • Proven experience integrating security solutions and practices in a large-scale environment.
Expert knowledge of –
  • Windows and Linux Server architecture.
  • Secure network architecture, identity and access management principles, and application security principles.
  • Security Principles, IT Security procedures and Best Practices.
  • Design and deployment of highly available, enterprise-scale cloud infrastructure.
  • Advance knowledge and hands-on experience with Public Cloud (IaaS, PaaS, SaaS) and Infrastructure as Code capabilities.
  • Strong design and hands on troubleshooting background on at least one of the following Public Cloud Platforms (AWS, Azure or GCP).
  • Experience with authentication and authorization technologies and protocols (LDAP, Kerberos, AD, OAuth 2.0, OpenID Connect, SAML).
  • Basic understanding of at least one high-level programming language (Golang / .Net / Java).
  • Advanced scripting skills in at least one interpreted language (Bash/PowerShell)
  • Understanding of Cloud Security technologies and best practices.
  • Understanding of Networking in cloud environments.
Sound understanding of –
  • IT Systems Development processes (SDLC lifecycle).
  • Business Compliance requirements
  • Business Continuity Planning
  • IT Operations.
Ideal to have experience/skills –
  • SIEM (Security Information and Event Management) and/or ECA (Event Correlation and Analysis) Systems.
  • Experience working in a DevOps environment.
  • Experience with ELK, Splunk or similar on Public Cloud Platforms.
  • Knowledge of JSON templates, PowerShell, CLI’s, Shell, Python.
  • Experience working in a fast paced Agile/Scrum environment (Atlassian Stack).
  • Experience in supporting and enhancing build and release processes through automation using a combination of processes and existing tools.
  • Experience working with scripting and provisioning tools like Terraform, Ansible, CloudFormation DSC or equivalent.
  • Experience developing and supporting infrastructure and cloud capabilities for microservices-based architectures.
  • Experience with Docker and Kubernetes.
  • Experience working with CI/CD tools.
  • Previous experience in a DevOps role and incorporating security controls in the build process.
  • Presentation skills with a high degree of comfort with both large and small audiences (Senior Executives, IT management and Developers).
  • Architecting and designing Cloud Security and Related technologies.
  • Project Management principles and processes.
  • Application design principles.
  • Ethical hacking and penetration testing.
  • Messaging and Collaboration technologies and architecture.
  • Identity Management Solutions.
  • Experience working with RESTful APIs and Web Services.
  • Experience in engineering data and/or security log pipelines using Big Data technologies such as Spark, Kafka, Hadoop, Storm, etc.
  • Understanding of modern software engineering patterns, including those used in highly scalable, distributed, and resilient systems.
  • Ability to deliver long-term, repeatable IaC solutions that incorporate directly into an overall CI/CD process.
  • Communication skills (written and verbal) in English.
  • Consultation, facilitation and presentation skills.
  • Negotiation and influencing skills.
  • Analytical, conceptual and diagnostic skills.
  • Attention to detail.
  • Ability to work under pressure in a fast-paced environment.
  • Planning and organising skills.
  • Demonstrate initiative, proactive attitude and a continuous improvement mindset.
  • Leadership (including Coaching, Mentoring) skills.
Team player.