About You

The Senior Manager, Cloud Security Engineering is pivotal in protecting Carsome's cloud infrastructure and applications. This leadership role demands a blend of technical expertise in cloud security and a strong foundation in DevOps practices. The ideal candidate will spearhead the integration of security within our DevOps processes, promoting a security-first approach in all phases of development and operations. We are seeking someone who is not only skilled but also passionate about embedding security throughout the development lifecycle, ensuring that it is a core component of all development and operational activities.

Your Day-to-Day

Strategic Leadership:

• Develop and implement a comprehensive multi-cloud security strategy (AWS, GCP, Azure) that integrates seamlessly with our DevOps cycles, aligning with Carsome's business objectives and risk management framework.

• Establish and enforce cloud security policies and standards tailored for agile development environments, leveraging industry frameworks such as CIS and NIST.

• Champion the selection and optimization of cloud security tools and services (e.g., OWASP, QRadar SIEM, CrowdStrike) to enhance our DevSecOps capabilities.

• Cultivate strong relationships with external security vendors and service providers to enhance our security resources and knowledge base.

Operational Excellence:

• Lead robust vulnerability assessment and penetration testing (VAPT) initiatives, focusing on early and continuous testing within the CI/CD pipeline.

• Conduct thorough threat modelling and risk assessments in collaboration with DevOps teams to preemptively address potential security issues.

• Monitor cloud environments and automate security incident responses to maintain system integrity and quick issue resolution.

• Drive the adoption and refinement of secure software development practices, embedding security at every stage of development.

Compliance & Governance:

• Ensure strict compliance with relevant security regulations and standards such as SOX and ITGC, particularly within software development processes.

• Work closely with internal audit and risk management teams to sustain a proactive security posture and comply with legal and regulatory requirements.

• Oversee the creation and upkeep of detailed security documentation, ensuring all DevOps activities are transparent and auditable.

Team Leadership:

• Lead, mentor, and expand a team of cloud security engineers with a focus on building security expertise within our DevOps teams.

• Foster a culture of continuous improvement and security awareness, emphasising the importance of security in cloud and software development practices.

Your Know-How

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, with a strong technical foundation in software development and cloud environments.

• In-depth knowledge of cloud security best practices and frameworks, with experience in implementing security controls within DevOps pipelines including automated testing, secure coding practices, and proactive security measures.

• Expert understanding of cloud security architectures and the ability to translate complex technical concepts into actionable security measures.

• Comprehensive knowledge of modern security tools and technologies (e.g., SIEM, WAF, EDR, CASB), with a focus on their integration into DevOps practices.

• Familiarity with compliance and regulatory frameworks (e.g., SOX, ITGC), especially as they relate to software development and cloud services.

• Excellent strategic planning, communication, and team-building skills.