Overview:
The Cloud Security Engineer is responsible for strengthening cloud and hybrid infrastructure security through governance, risk management, architecture assurance, and continuous improvement of detection and response capabilities.
Responsibilities:
- Develop, document, and maintain cloud security policies, standards, and procedures aligned with regulatory expectations and organizational risk appetite.
- Design and enhance risk assessment methodologies and security frameworks to ensure consistent evaluation and treatment of risks across cloud and enterprise environments.
- Conduct architecture reviews and threat modelling for new and existing systems to identify design-level security risks and recommend mitigations.
- Perform risk assessments and produce clear, actionable reports with prioritised remediation plans tailored to business impact and compliance requirements.
- Review and tune detection rules, correlation logic, and security policies to improve alert quality, reduce false positives, and enhance detection effectiveness.
- Collaborate with Security Engineering and SOC teams to continuously improve monitoring, detection, and response capabilities through iterative feedback loops.
Requirements:
- 5-7 years of experience in cloud security across AWS, Azure, or GCP in enterprise environments.
- Good understanding of security architecture, infrastructure design, IAM, encryption, logging, and cloud-native security controls.
- Experience in risk assessment methodologies, security frameworks, and enterprise risk management practices.
- Familiarity with threat modelling techniques and identifying design-level vulnerabilities.
- Hands-on experience with SIEM tools, detection rules, correlation logic, and alert tuning.
- Ability to translate technical security risks into clear, prioritised remediation actions and risk-based reports.
- Strong analytical skills with the ability to assess complex systems and prioritise risks effectively.
- Experience in financial services, government, or similarly regulated industries is preferred.
- Certifications such as CISSP, CISM, or cloud security certifications are advantageous.