Cyber Security Cloud Engineer

Company Description

Nine is Australia’s largest locally owned media company – the home of Australia’s most trusted and loved brands spanning News, Sport, Lifestyle, and Entertainment. We pride ourselves on creating the best content, accessed by consumers when and how they want – across Publishing, Broadcasting and Digital.

Nine’s assets include the 9Network, major mastheads such as The Sydney Morning Herald, The Age and The Australian Financial Review, radio stations 2GB, 3AW, 4BC and 6PR, digital properties such as nine.com.au, 9Now, 9Honey, Pedestrian.TV, Drive, subscription video platform Stan and a majority investment in Domain Group.

Our Purpose: We shape culture by sparking conversations, challenging perspectives, and entertaining our communities.

We bring people together by celebrating the big occasions and connecting the everyday moments. Australia belongs here. We bring our purpose to life via three shared values: We walk the talk, turn over every stone and keep it human.

Job Description

The Cyber Security team provides governance, audit, control, and operational Cyber Security capabilities to support business and operational objectives of Nine group. Minimising friction and managing appropriate risk are key tenets of the team.  The Security team works closely with the Security Cloud Practice, Product Engineering, Network and Infrastructure and Services teams to collaboratively manage cyber controls.

As the Cyber Security Cloud Engineer, you will be responsible for the management of cyber security controls, settings and configuration within our cloud environments. You will be familiar with AWS, GCP and Azure cloud infrastructure. 

This will include reviewing IaaC, output of Cloud Conformance checks, and Cloud Security Posture Management.

You will assess system vulnerabilities and configurations for security risks and propose and implement risk mitigation strategies. You will help the cyber security team to define and automate Cloud Security Controls,  and help accelerate cloud migrations. You will solve problems, design, implement and maintain security standards in a DevOps environment.

Identify cloud misconfigurations, software vulnerabilities, and compliance violations across multi-cloud environments. Get visibility of cloud assets and resources, including abnormal resource consumption, and identify security issues that could lead to compromise.

This is an important role within the cyber security team and will provide an opportunity for someone to contribute to a significant uplift in Nines security posture.  This is a permanent full time opportunity. 

Key accountabilities of this role is to 

• Be accountable for providing the operational support of Nine's cloud based security controls, access management, networking and container security settings, and assist with their ongoing deployment.

• Identify ways to improve performance and stability of the services and applications through continuous improvement and automation.

• Collaborate with Nines  stakeholders and contribute to the deployment and improvement plans for the Security roadmap.

• Work closely with the SOC, functional and technical teams to provide timely resolution of level 2 and 3 cloud related incidents and problems.

• Work with application owners to assess and prioritise their readiness to be on-boarded to security tools and management systems and lead the onboarding.

• Perform user access reviews to ensure the principle of least privilege is enforced throughout the environment .

• Work closely with the cyber risk team to enforce access control policies, standards and guidelines.

Qualifications

• Previous experience with security tools such as Okta, BeyondTrust and Crowdstrike.

• Experience with Kubernetes, ECS, EKS

• Have a strong track record in the cloud security  domain.

• Good system design/architecture knowledge

• Possesses hands-on Cloud technical experience (AWS, GCP preferred)

• Strong understanding of API development and integrations

• Hands-on experience of programming in languages such as Python, NodeJS/Typescript or similar.

• Hands-on experience with automating cloud native technologies, deploying applications, and provisioning Infrastructure as Code (e.g. AWS CodePipeline and CodeBuild, TeamCity, GitHub Actions…)

• Experience with the full software development lifecycle and delivery using Agile practices with specific focus on the following concepts: source control, CI/CD, automated testing, logging and monitoring.

• AWS Cloud Certifications 

• Have a good understanding of Active Directory and knowledge of public cloud architecture (i.e. AWS, Entra or GCP).

• Great stakeholder management skills.

• Excellent written, verbal and analytical skills.

• Be able to translate business needs into viable solutions and process designs.

• Governance, Risk and Compliance and Role Based Access Control experience is an advantage but not essential.

• Knowledge and understanding of privilege access management concepts.

Additional Information

Our Commitment to Diversity and Inclusion:

At Nine, we are committed to fostering a workforce that embraces all aspects of diversity and inclusion and where practices are equitable to ensure our people experience a sense of belonging. From day one, you'll be encouraged to bring your whole self to work and will be supported to perform at your best. Should you require any adjustments to the recruitment process in order to equitably participate, we encourage you to advise us at the time of application.

We encourage applications from Aboriginal and Torres Strait Islander people, people with disabilities, and of all ages, nationalities, backgrounds and cultures.

Disclaimer: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.