Cloud Security Engineer

About Security Bank

We're one of the Philippines’ leading universal banks. Over the years, we received various awards and accolades for being one of the most stable in the banking industry.

The Role

As a Cloud Security Engineer   you are responsible for helping ensure the security of SBC's Cloud & Application infrastructure. S/He ensures that all identified vulnerabilities are resolved in a timely and efficient manner.

How you'll contribute:

• Helps to ensure that security controls on SBC's Cloud and Applications are implemented and effective
• Helps to ensure that Cloud & Application controls are adequate to meet legal, regulatory, policy, standards, and security requirements adopted by the Bank
• Contributes to all activities required to ensure proper risk management, and other information-security related requirements with which the organization is required to comply. This includes ensuring that long standing issues and concerns are appropriately escalated
• Coordinates with different stakeholders on the implementation of defined and approved security controls to protect SBC's cloud, networks, systems, and applications of the Bank and its subsidiaries. This includes ensuring that vendor certification and accreditation activities are performed prior to releasing new systems and software to the production environment
• Researches, trains and advocates novel technologies and tools to ensure the latest trends and developments are considered as part of SBC's IT security
• Supports a positive and collaborative digital delivery culture with a philosophy of continuous improvement, development, innovation and excellence, while remaining in compliance with the bank’s policies and procedures and upholding the highest standards of professional conduct

What we're looking for:

• Assessments, implementation of security controls, and incident response
• Understanding of security best practices and regulations, such as NIST, ISO 27001, and PCI-DSS
• Strong knowledge of cloud computing platforms, such as AWS, Azure, and Google Cloud
• Familiarity with cloud security tools, such as security information and event management (SIEM), firewall, intrusion detection/prevention systems (IDS/IPS), and data loss prevention (DLP)
• Knowledge of security protocols, such as SSL, TLS, and SSH
• Knowledge of application security, including threat modeling, OWASP Top 10, and secure coding practices
• Knowledge of security policies and standards, such as ISO 27001, NIST, and CIS 20
• Understanding of security frameworks, such as NIST Cybersecurity Framework (CSF) and Center for Internet Security (CIS) Controls
• Knowledge of cloud security architecture and design