Cloud Security (InfoSec) Specialist

• Cloud Governance and Standards
  
• Risk & Exception Management: Run risk assessments on cloud services/Servicesloads; propose compensating controls; operate exception register with expiry and review cadence.
  
• Identity & Access Governance: Design RBAC/ABAC models, SoD matrices, privileged access patterns, break-glass procedures; lead quarterly access reviews with evidence capture.
  
• Data Protection: Classify data; specify encryption at rest/in transit; key management lifecycle (KMS/Key Vault/Cloud KMS), BYOK/HYOK guidance, DLP guardrails
  
• Logging & Monitoring Requirements: Define mandatory telemetry (CloudTrail/Azure Activity/GCP Audit), retention/integrity controls, and SIEM onboarding schema/use cases.
  
• Posture Management (CSPM/CIEM/CNAPP): Configure and tune policies; triage high-severity findings; route ownership; track remediation SLAs and metrics.
  
• IR Enablement (Cloud): Author cloud-specific playbooks (privilege escalation, exposed storage, key compromise); define evidence collection and containment prerequisites for SOC.
  
• Compliance & Audit Readiness: Map controls to ISO 27001/GDPR/NIA/Qatar Cloud Policy frameServices/ etc.; produce test procedures and evidence plans; support audits without material findings.
  
• Stakeholder Communication: Clear, concise risk narratives and decision records for engineering leads, product owners, and auditors.
  
• Nice-to-Have / Depth Areas:
  

- DevSecOps Oversight: Policy-as-code checks (OPA/Kyverno/Conftest), IaC compliance gates (Terraform/ARM/Bicep), artifact integrity (signing/SBOM/SLSA) governance focus.
- Kubernetes/Container Governance: Pod Security Standards, admission policy governance, registry controls, and runtime policy baselines.
- SaaS Security Reviews: Due diligence and ongoing assurance for high-risk SaaS (identity, data residency, logging, export controls).
- Data Residency & Sovereignty: Regulatory mapping and guardrail design for regional constraints.



Requirements

• Bachelor’s in computer science, Information Security, IT and equivalent hands‑on experience.
  
• Certifications (nice‑to‑have): CCSP, CISSP, ISO 27001 Lead Implementer/Auditor, Microsoft SC‑100/SC‑200, AWS Security‑Specialty, GCP Manpower Cloud Security Engineer.
  
• Knowledge: CIS Benchmarks, ISO 27001/27017/27018, NIST 800‑53/CSF, CSA CCM, MITRE ATT&CK (Cloud)
  
• 5+ years cloud security (governance/assurance) with hands-on in at least one major cloud.