Cloud Security Engineer II
TraceLink
Company overview:
TraceLink’s software solutions and Opus Platform help the pharmaceutical industry digitize their supply chain and enable greater compliance, visibility, and decision making. It reduces disruption to the supply of medicines to patients who need them, anywhere in the world.
Founded in 2009 with the simple mission of protecting patients, today Tracelink has 8 offices, over 800 employees and more than 1300 customers in over 60 countries around the world. Our expanding product suite continues to protect patients and now also enhances multi-enterprise collaboration through innovative new applications such as MINT.
Tracelink is recognized as an industry leader by Gartner and IDC, and for having a great company culture by Comparably.
The Opportunity:
We are looking for a cloud security engineer who is keen on securing modern cloud infrastructure, contribute to the various initiatives for infrastructure security in support of our SaaS services. This hands-on role will partner with members in the Security team as well as the cross-functional product-focused teams to maintain overall security posture for TraceLink.
Major Duties / Responsibilities
- Conduct regular infrastructure security assessments, vulnerability scans in cloud environments and maintain security posture as per TraceLink security policies, compliance requirements
- Contribute to design, implementation & maintenance of open-source or cloud-native security solutions to align with Industry best practises
- Help security team to enhance logging, monitoring & detection capabilities of SIEM solution, develop & test new use-cases in cloud & k8s infrastructure
- Conduct privileged access reviews of the TraceLink enterprise applications and servers, support the inclusion of new sources in review scope
- Support the adoption of modern container run-time security IAM solutions, K8S environment secure hardening and threat detection tooling for EKS infrastructure
- Monitor security alerts and support incident response activities; partner with multiple teams as needed to resolve the incidents
- SupportDevelop existing & develop new automation automation scripts/tools for redundant and/or manual tasks
- Collaborate with senior members in Product Development, and Cloud Operations to implement and adopt the modern security focused technologies and services
Skills and Requirements:
- Minimum 3+ years of hands-on experience in the equivalent security role, including following:
- experience on securing cloud platforms (AWS Preferred) and Kubernetes(K8S) deployments
- experience on with cloud native or 3rd party security solutions/services (open source preferred)
- experience on SIEM, Vulnerability Management Solutions, Container Security Tools
- Working knowledge/experience with CSPM solutions to secure public cloud platforms aligned with industry best practises
- Working experience on developing & implementing security use-cases, alerts based on different log sources
- WorkingStrong knowledge/experience on competency in working with of AWS IAM roles, policies, Identify Federation, Service Control Policies (SCPs), S3 bucket policies etc
- Demonstrable technical knowledge of Linux/Unix, how to secure the production servers
- Automation & Scripting experience with Python & Boto3
Preferred Skills
- Experience with implementation and automation of open-source (CNCF) cloud security tools
- Experience on using ticketing or defect tracking systems such as Jira, Service-Now etc
- Experience working in DevSecOps environment, Infrastructure-as-Code tools operating & securing CI/CD pipeline, Git etc.
- Certifications such as AWS Solution Architect, and/or Security Specialty, CCSP, SANS Security, and other industry and vendor-specific security certifications
- Bachelor's degree in Computer Science, Information Systems Security, or equivalent experience
- Familiarity with ISO 27001, ISO 27017, SOC 2, NIST, and GxP requirements
- Excellent verbal and written communication skills, including executive-level presentations
Please see the Tracelink Privacy Policy for more information on how Tracelink processes your personal information during the recruitment process and, if applicable based on your location, how you can exercise your privacy rights. If you have questions about this privacy notice or need to contact us in connection with your personal data, including any requests to exercise your legal rights referred to at the end of this notice, please contact Candidate-Privacy@tracelink.com.