AliCloud Security Engineer

Building a Safer Cyberspace: 
At Horangi, we’re passionate about building a safer cyberspace and creating software that solves challenging cybersecurity problems. Horangi focuses on building partnerships with our customers, developing an understanding of their business goals and building a security strategy that helps achieve their objectives. Horangi’s personnel have an extensive engineering experience and strong background in penetration testing and strategic consulting, partnering both large multinational networks and small organizations with focused missions. We enjoy solving tough security problems and we are eager to find new challenges and build new relationships. 
The Job :
We look for an exceptional Security Engineer to lead and support the new cybersecurity assessment program. You’ll be expected to be a technical, hands-on person acting as the subject matter expert of the Alicloud infrastructure in a hyper-growth environment. 
 You’ll be working with various technical teams to identify cloud security controls, develop rules and automate processes in order to understand clients’ challenges and improve their overall cybersecurity posture by recommending products, tools and services that will suit their needs.
The ideal candidate is someone with a proven track record, sound technical knowledge and skills in both managing and mitigating risks of complex, large-scale deployments on public cloud infrastructure. The role will be responsible fro technical responses to formal client submissions across the business, providing subject matter expertise.
This role will also be responsible for implementing and helping to configure the security of our customers’ cloud environment across cloud services, using our product, Warden, as well as other best in class security tools.

Responsibilities

• Designing, developing, and implementing cloud security detections and tools that improve the defense of AliCloud infrastructure and applications
• Analyze systems, threat model new features, identify security vulnerabilities in implementation, and recommend cloud security controls to ensure end-to-end protection
• Manage and triage findings from cloud security tools
• Documenting and disseminating security guidelines for common cloud security issues, remediation guidance, and security baselines
• Strategize vulnerability management for the application and business team in the cloud

Requirements

• BSc in Computer Science / Information Technology, or in a related field with at least 6 years experience working in cybersecurity management delivering results on solutions
• Experience assessing and mitigating risks related to public cloud deployment (e.g. AliCloud, AWS, Tencent Cloud, Azure)
• Experience in infrastructure templating tools like AliCloud Resource Orchestration Service, AWS CloudFormation, and equivalents
• Understanding of networking concepts on Cloud such as VPCs, DNS PrivateZone, SLB, CDN, security group on AliCloud and equivalents
• Experience with storage services such as OSS, EBS (ESSD), file storage NAS, and Tablestore on Alicloud and its equivalents
• Experience with containerization on Cloud, ACK (Dedicated/Managed/Serverless Kubernetes), ACR (Container Registry), ASM (Service Mesh) on AliCloud
• Understanding of container security such as container escape, malicious image, master/node security baseline
• Experience implementing cloud native security controls using IAM, Config, Security Center, ActionTrail, CloudMonitor, KMS, WAF, Certificate Service on AliCloud and its equivalents
• Experience with Anqishi/Security Center agent installation and agent based HIDS, including vulnerability scanning, baseline monitoring, backdoor alerting, reverse shell detecting
• Experience with security orchestration, automation and response tools Very good understanding of vulnerability scanning tools
• Proven ability to explain technical content to a non-technical audience across multiple levels of seniority from technical teams to C-suite
• Proven ability to manage client interactions and manage expectations
• Demonstrable problem solving skills
• Strong interpersonal and communication skills
• Strong document-writing skills
• Ability to provide technical guidance to consultancy team
• Good understanding of cyber security threats, threat actors, tradecraft and mitigation techniques is highly desirable
• Strong knowledge in cloud security and the implementation of it.

Join us at Horangi, and do the best work of your life!