Senior Cloud Security Engineer (AWS) | 2025HP11006 / #4nLAED41

Mindverseconsulting | Kuala Lumpur, Kuala Lumpur, Malaysia
1 day ago
Job description

Mindverse Consulting Services | Permanent

Kuala Lumpur, Malaysia | Posted on 08 / 11 / 2025

  • Education: Bachelor’s or Master’s degree in Computer Science, Telecommunications, or related field.
  • Positions: 1
  • Job Opening Status: In-progress
  • Country: Malaysia
  • Postal Code: 50000

About Us

We are an SME IT consulting company focusing on the Cloud Computing & Data Science consulting space across Europe and India.

We also support our customers by providing technical consultants on contract as per their project requirements.

We call these services SKILL-PARTNERSHIP, and we are now operational in 40+ countries globally.

Job Description

Job Summary

We are seeking a Senior Cloud Security Engineer to lead the design, implementation, and enforcement of advanced AWS and container security controls under the First Global Security Program. This role spans VPC segmentation, firewalls, encryption, DLAP / DLP, EDR, DNS protection, Kubernetes hardening, and virtualization security, with a heavy emphasis on Terraform-driven automation, anomaly detection, and attack prevention at scale. The successful candidate will be instrumental in building global Zero Trust architectures across multi-region AWS deployments, securing EKS / ECS clusters, virtualization workloads, and hybrid integrations while ensuring full alignment with compliance frameworks in regulated financial environments.

Job Responsibilities

  • Design and implement multi-VPC architectures with subnet micro-segmentation and Transit Gateway routing enforcement.
  • Enforce Zero Trust network segmentation between workloads, users, and external partners.
  • Apply strict ingress / egress controls with AWS Network Firewall, Security Groups, and NACLs.

2. Firewalling, DNS & Threat Prevention

  • Deploy AWS Network Firewall with custom Suricata / DPI rulesets.
  • Apply AWS WAF Advanced Protections for APIs, trading platforms, and client portals.
  • Harden DNS with Route 53 Resolver DNS Firewall, enforcing global anti-tunneling and anti-spoofing policies.
  • Define and monitor DLAP / DLP prevention policies to prevent data exfiltration across all workloads.
  • Integrate EDR (CrowdStrike, SentinelOne) for all EC2, container, and serverless workloads.

3. Encryption & Data Security

  • Enforce encryption at rest, in transit, and in use (KMS, ACM, HSM, TLS 1.3, Nitro Enclaves).
  • Automate key lifecycle management and cross-region rotation.
  • Apply confidential computing protections for financial and trading workloads.
  • Secure EKS, ECS, and Kubernetes clusters with pod-level network policies, RBAC / ABAC, and runtime security.
  • Implement container image scanning (ECR, third-party registries) and vulnerability management pipelines.
  • Deploy Kubernetes-native firewalls and admission controllers for Zero Trust enforcement.
  • Harden virtualized workloads (VMs, WorkSpaces, VMware on AWS) with endpoint monitoring and network micro-segmentation.
  • Establish runtime anomaly detection for containerized and virtualized workloads (Falco, GuardDuty for EKS, Datadog).

5. Anomaly Detection & Attack Prevention

  • Implement AI / ML-based anomaly detection for network, DNS, and workload behaviors.
  • Define preventive playbooks for insider threats, DNS tunneling, and privilege escalation.
  • Correlate findings from GuardDuty, WIZ, Inspector, and SIEM platforms to predict and prevent attacks.
  • Lead threat modeling and red team exercises across cloud and container environments.

6. Infrastructure as Code & Automation

  • Build secure Terraform modules for AWS, Kubernetes, and firewall policies.
  • Automate posture drift detection with Terraform + WIZ / Security Hub integrations.
  • Drive adoption of GitOps workflows for immutable security deployment.

7. Observability & Incident Response

  • Integrate ISeeFirst alerting into Jira, Slack, and PagerDuty workflows.
  • Lead incident response and containment for anomalies in AWS, Kubernetes, and virtualized workloads.
  • Build automated response pipelines (e.g., isolate compromised containers or VPC subnets automatically).
  • 6–8+ years in Cloud Security Engineering, with AWS specialization.
  • Deep knowledge of VPC segmentation, subnets, firewalling, and Zero Trust architectures.
  • Strong expertise in Kubernetes / EKS security (network policies, admission controllers, pod runtime security).
  • Proven track record implementing EDR, DLAP / DLP, and DNS protection strategies.
  • Strong experience with Terraform and IaC security automation.
  • Advanced knowledge of encryption-in-transit, -at-rest, and -in-use (KMS, TLS, Nitro, Enclaves).
  • Hands‑on with SIEM, anomaly detection, and ML-based attack prevention.
  • Familiarity with compliance frameworks (CIS, NIST 800-53, ISO 27001, SOC2, GDPR, ASIC, ESMA).

Preferred Certifications

  • AWS Certified Security – Specialty (required)
  • AWS Solutions Architect – Professional
  • AWS Advanced Networking – Specialty
  • Certified Kubernetes Security Specialist (CKS)
  • HashiCorp Terraform Associate (with security modules focus)
  • CISSP (Certified Information Systems Security Professional)
  • CCSP (Certified Cloud Security Professional)
  • SANS GIAC Cloud Security Certifications (GCSA, GCLD, GDSA)
  • ISO 27001 Lead Implementer / Auditor (plus for regulatory readiness)

Background Check required

  • No criminal record

Others

  • Interview process: 2-3 rounds
  • This is a 5-day work-from-office role.
  • Candidate should clearly mention all project details along with mandatory technical skills used in each project.
  • You must be a local Kuala Lumpur candidate only