Datafin

Cloud Security Architect

IT – Infrastructure
Stellenbosh – Western Cape

ENVIRONMENT:
OWN, analyse, architect, design and implement Cloud Infrastructure Platforms, Services and Systems in regard to all IT security aspects and security solutions as the next Cloud Security Architect sought by a fast-paced & innovative Financial Institution. The ideal candidate must have 5+ years’ experience in an IT Security-related Architecture role, 4+ years’ experience designing, deploying, and supporting Cloud and / or Infrastructure deployments and its supporting technologies in a medium to large sized organisation with proven experience integrating security solutions and practices in a large-scale environment. You must have expert level proficiency with Windows, Linux, AWS, Azure, IaaS, PaaS, SaaS, Bash/PowerShell, Golang/.Net/Java LDAP, Kerberos, AD, OAuth 2.0, OpenID Connect, SAML.
 
DUTIES:
Design, architect, implement and support of IT Security solutions and supporting infrastructure (cloud / physical / virtual infrastructure, operating systems and supporting software) in alignment with organisational goals and constraints, focusing on the cloud –
  • Design and implementation where strategic and appropriate.
  • Define strategic goals and tactical plans for IT Security solutions and systems.
  • Perform Security Architect peer reviews.
  • Consult on IT Security solutions architecture and Infrastructure Architecture.
  • Conduct research and development (R&D).
  • Document and own security architecture and systems.
  • Document and own security architecture engagement prerequisites (initial and complete).
  • Compile security architecture policies.
  • Compile security architecture standards, patterns and best practices.
  • Own security infrastructure SDLC.
  • Construct a technical roadmap pertaining to a certain technology.
  • Drive innovation by remaining current with technologies in order to enhance products & services offerings to the organisation.
  • Engage with multiple business units on planned infrastructure deployments and investigate deployment and configuration best practices and architectures.
  • Interface with the various IT Architects to understand the technical requirements.
 
Design, architect, implement and support Cloud Security –
  • Apply cloud security know-how to assist in constructing and developing the roadmap pertaining to Cloud technology.
  • Drive innovation by remaining current with cloud and cloud security technologies to enhance products & services offerings to the organisation.
  • Engage with multiple business units on planned Cloud deployments and investigate deployment and configuration best practices and architectures, focusing on security.
  • Define and document Cloud standards pertaining to infrastructure and security configurations.
  • Provide research and advice on industry best practices, technology, and tools for consideration in the environment.
  • Develop and execute test plans to check technical performance and make recommendations for improvements.
  • Collaborate with stakeholders to drive continuous Improvement of Cloud Security Posture through automation.
  • Work closely with Cyber Security, Data Governance and Infrastructure Security teams to ensure Capitec’s cloud environment adheres to regulatory requirements and complies with the bank’s own security & risk standards.
  • Engage with vendors / suppliers / business partners for the design and implementation of cloud security solutions as needed.
  • Design and build out new cloud security solutions that meet the technical requirements and align with, but not limited to:
    • Information security and governance frameworks
    • Regulatory compliance
    • High availability strategy
    • Scalability and capacity planning
  • Review and analyse the cloud security landscape and improve and optimize current cloud implementations for continuous improvement and the assurance of technical safeguards for requirements.
  • Responsible for document designs, specifications, and implementations for cloud security.
  • Create detailed planning and implementation documentation, enhancing current standards and quality.
  • Prepare hand-over documentation and document support processes to stakeholders.
  • Liaise with stakeholders to plan the execution of deliverables according to implementation documentation.
  • Provide technical cloud security support to divisions ensuring effective and efficient handover.
  • Where required, perform the implementation of more complex deployments.
  • Responsible for post implementation handover (or implementation) review and learnings for future reference and improvements.
  • Document Standard Operating Procedures (S.O.P’s) and upkeep of general documentation.
  • Ensure compliance by auditing current requirements and plan for future enhancements and requirements.
  • System and software compliance using implemented standards, industry standards and best practises within information security and regulatory requirements.
  • Configuration management using on premise as well as cloud native tools. This will involve creating and maturing standards for new cloud security deployments and estate management.
  • Create accurate management reporting information with regards to cloud security costs, usage, constraints and risks.
  • Forecast the growth in cloud security requirements. Recording and reporting on current usage as well as trending for future requirements.
  • Service availability using monitoring and alerting tools.
  • Perform 3rd level support for the resolution of critical infrastructure related issues.
  • Participate in knowledge sharing.
 
 
REQUIREMENTS:
  • Grade 12 / Matric.
  • Ideally have –
    • A relevant 3-year Degree / Diploma in IT.
    • ITIL Foundation Certification.
    • Industry Security Certification.
    • Virtualization Certification
    • Cloud Security Certification.
    • A relevant tertiary qualification in Information Technology (e.g., Microsoft Certified Azure Solutions Expert, AWS Solutions Architect, AWS DevOps Engineer, AWS SysOps Administrator, VCP-DCV, VCP-CMA).
Minimum experience –
  • 5+ Years’ experience in an IT Security-related Architecture role.
  • 4+ Years’ experience designing, deploying, and supporting Cloud and / or Infrastructure deployments and its supporting technologies in a medium to large sized organisation.
  • Proven experience integrating security solutions and practices in a large-scale environment.
Expert knowledge of –
  • Windows and Linux Server architecture.
  • Secure network architecture, identity and access management principles, and application security principles.
  • Security Principles, IT Security procedures and Best Practices.
  • Design and deployment of highly available, enterprise-scale cloud infrastructure.
  • Advance knowledge and hands-on experience with Public Cloud (IaaS, PaaS, SaaS) and Infrastructure as Code capabilities.
  • Strong design and hands on troubleshooting background on at least one of the following Public Cloud Platforms (AWS, Azure or GCP).
  • Experience with authentication and authorization technologies and protocols (LDAP, Kerberos, AD, OAuth 2.0, OpenID Connect, SAML).
  • Basic understanding of at least one high-level programming language (Golang / .Net / Java).
  • Advanced scripting skills in at least one interpreted language (Bash/PowerShell)
  • Understanding of Cloud Security technologies and best practices.
  • Understanding of Networking in cloud environments.
Sound understanding of –
  • IT Systems Development processes (SDLC lifecycle).
  • Business Compliance requirements
  • Business Continuity Planning
  • IT Operations.
 
Ideal to have experience/skills –
  • SIEM (Security Information and Event Management) and/or ECA (Event Correlation and Analysis) Systems.
  • Experience working in a DevOps environment.
  • Experience with ELK, Splunk or similar on Public Cloud Platforms.
  • Knowledge of JSON templates, PowerShell, CLI’s, Shell, Python.
  • Experience working in a fast paced Agile/Scrum environment (Atlassian Stack).
  • Experience in supporting and enhancing build and release processes through automation using a combination of processes and existing tools.
  • Experience working with scripting and provisioning tools like Terraform, Ansible, CloudFormation DSC or equivalent.
  • Experience developing and supporting infrastructure and cloud capabilities for microservices-based architectures.
  • Experience with Docker and Kubernetes.
  • Experience working with CI/CD tools.
  • Previous experience in a DevOps role and incorporating security controls in the build process.
  • Presentation skills with a high degree of comfort with both large and small audiences (Senior Executives, IT management and Developers).
  • Architecting and designing Cloud Security and Related technologies.
  • Project Management principles and processes.
  • Application design principles.
  • Ethical hacking and penetration testing.
  • Messaging and Collaboration technologies and architecture.
  • Identity Management Solutions.
  • Experience working with RESTful APIs and Web Services.
  • Experience in engineering data and/or security log pipelines using Big Data technologies such as Spark, Kafka, Hadoop, Storm, etc.
  • Understanding of modern software engineering patterns, including those used in highly scalable, distributed, and resilient systems.
  • Ability to deliver long-term, repeatable IaC solutions that incorporate directly into an overall CI/CD process.
 
ATTRIBUTES:
  • Communication skills (written and verbal) in English.
  • Consultation, facilitation and presentation skills.
  • Negotiation and influencing skills.
  • Analytical, conceptual and diagnostic skills.
  • Attention to detail.
  • Ability to work under pressure in a fast-paced environment.
  • Planning and organising skills.
  • Demonstrate initiative, proactive attitude and a continuous improvement mindset.
  • Leadership (including Coaching, Mentoring) skills.
Team player.