Role and Responsibilities

• Lead remediation of cloud misconfigurations flagged by CSPM tools (CrowdStrike CSPM, Upwind) and drive adoption of tools like Stacklet for configuration management.

• Drive encryption key upgrades and secrets management automation using AWS KMS, Secrets Manager, or Azure Key Vault.

• Develop plans and tooling integrations for Okta PAM JIT, support secure remote access, and guide BeyondTrust EPM enhancements.

• Integrate security controls into CI/CD pipelines (Jenkins, GitLab, Azure DevOps), including SAST/DAST automation (Snyk).

• Define and enforce best practices for AWS IAM cleanup, account audits, and least privilege enforcement.

• Support secure logging, detection engineering, and incident response integrations with SIEM tools like SumoLogic.

• Lead threat modeling sessions, develop detection libraries, and integrate them into the SDLC.

• Drive container and Kubernetes security best practices including image scanning and policy enforcement.

• Collaborate on AI governance improvements, including secure AI deployment and threat modeling for AI systems.

Technical Must-Know Concepts

• AWS/Azure Security: IAM, KMS, GuardDuty, Security Center, Stacklet, Okta PAM.

• DevSecOps Tooling: Jenkins, GitLab CI/CD, Snyk, TruffleHog, Terraform.

• Vulnerability Management: CrowdStrike CSPM, Snyk, container scanning.

• Secrets Management: AWS Secrets Manager, Azure Key Vault, HashiCorp Vault.

• Compliance Standards: NIST, ISO 27001, SOC 2.

• Threat Modeling: STRIDE, DREAD.

  • AI Security: AI governance frameworks, LLM guard deployment.