Senior Cloud Security Analyst

Qualys is seeking a Senior Cloud Security Analyst to enhance our cloud security posture across OCI, AWS, Azure, and GCP environments. This pivotal role will concentrate on cloud threat detection, security monitoring, posture management, incident response, and automation, collaborating closely with Cloud Operations, DevOps, Network Security, Site Reliability Engineering, Platform Security, and SOC teams. The ideal candidate possesses extensive hands-on cloud security experience, a profound understanding of cloud-native security controls, and the ability to translate security findings into concrete risk reduction strategies.

Key Responsibilities:

Cloud Security Management

• Manage and enhance security across OCI, AWS, Azure, and GCP platforms.
• Implement and uphold cloud security baselines and best practices, including CIS benchmarks.
• Review and secure cloud architecture designs.
• Ensure secure configurations for cloud services, storage, databases, and networking.

Identity & Access Management

• Manage cloud IAM policies and enforce least-privilege access principles.
• Monitor and govern service accounts, roles, and permissions.
• Conduct regular access reviews and revoke unused privileges.
• Manage encryption keys, secrets, and certificates using cloud KMS or secret vaults.

Data Protection

• Ensure data encryption at rest and in transit.
• Support data classification, privacy controls, and Data Loss Prevention (DLP) guardrails.
• Monitor for data exposure risks and prevent unauthorized access.

Threat Detection & Incident Response

• Monitor cloud logs and alerts using SIEM, CSPM, and native cloud tools.
• Investigate cloud security incidents and contribute to incident response efforts.
• Prepare incident reports, root cause analyses, and preventive action plans.
• Maintain and improve cloud incident response playbooks.

Vulnerability & Exposure Management

• Execute cloud vulnerability scans and misconfiguration checks.
• Track and drive remediation of high-risk findings.
• Validate patching and follow up with engineering teams.

Governance, Risk & Compliance

• Ensure compliance with standards such as CIS, NIST, ISO 27001, and SOC 2.
• Support internal and external audits with evidence and documentation.
• Conduct security assessments for new cloud services and integrations.
• Maintain risk registers and track remediation plans.

Monitoring & Logging

• Ensure centralized logging and monitoring for all cloud environments.
• Create dashboards and reports on cloud posture, compliance, and risk.
• Ensure log integrity, retention, and continuous visibility.

Workload Protection

• Secure containers, Kubernetes clusters, and serverless workloads.
• Ensure image scanning, runtime security, and admission policies.
• Implement secure API practices, rate limiting, and authentication controls.

Business Continuity & Resilience

• Validate cloud backup, recovery processes, and disaster recovery (DR) readiness.
• Review high-availability configurations and minimize blast radius.
• Maintain break-glass procedures and monitor their usage.

Collaboration & Enablement

• Collaborate with engineering teams to guide them on secure cloud patterns.
• Provide documentation, best practices, and training sessions.
• Mentor junior analysts as needed.

Skills:

• Proficiency in cloud platforms like AWS, Azure, Google Cloud, and OCI, including their services and architecture.
• Expertise in designing secure cloud architectures, encompassing network segmentation, data encryption, and disaster recovery strategies.
• Strong skills in managing user identities, permissions, roles, and access controls within cloud environments.
• Ability to set up monitoring tools, analyze security logs, and respond promptly to security incidents.
• Familiarity with cloud-native security services and tools from providers (e.g., AWS Security Hub, Azure Security Center).
• Capability to assess security risks, prioritize them, and develop mitigation strategies.
• Knowledge of network protocols, firewalls, IDS/IPS, VPNs, and other network security concepts.
• Familiarity with encryption algorithms, SSL/TLS protocols, and cryptographic key management.
• Experience with vulnerability scanning tools, penetration testing methodologies, and patch management.
• Knowledge of scripting languages (e.g., Python, PowerShell) and automation tools (e.g., Terraform, Ansible) for automating security tasks.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Relevant certifications such as CCSK, CCSP, and cloud-native certifications (AWS, Azure, OCI, GCP) are highly desirable.
• Proven track record of designing and implementing complex cloud environments, preferably in a cloud security engineer role.
• Experience implementing security controls in cloud environments using tools like AWS Security Hub, AWS GuardDuty, Azure Security Center, or Google Cloud Security Command Center.
• Knowledge of industry-standard security frameworks and regulations (e.g., NIST, CIS, GDPR, HIPAA).
• In-depth understanding of cloud components, IAM, and best practices, including user provisioning and access management.
• Familiarity with CSP environments such as OCI, AWS, Azure, and GCP.
• Experience with cloud governance, security implementation, and monitoring processes.
• Strong problem-solving and analytical skills to assess cloud requirements and propose effective solutions.
• Excellent communication and collaboration skills for working with cross-functional teams and stakeholders.
• Strong project management skills to drive cloud initiatives and deliver successful outcomes.