Cloud Security Engineer

BAT is evolving at pace - truly like no other organisation.

To achieve the ambition, we have set for ourselves, we are looking for colleagues who are ready to live our ethos every day. Come be a part of this journey!

BAT POLAND IS LOOKING FOR A CLOUD SECURITY ENGINEER

JOB TITLE:Cloud Security Engineer

SENIORITY LEVEL: Experienced professional

FUNCTION: Technology / Cyber Security

TYPE OF CONTRACT: Permanent

START DATE: As soon as possible

LOCATION: Bucharest, Romania orWarsaw, Poland

ROLE POSITIONING AND OBJECTIVES

What are the key objectives and expectations from this role?

The role will be responsible for operationalizing and delivering security engineering requirements as directed by the Global Head of Security Architecture & Engineering. Partnering with the broader Digital Business Solutions (DBS) organization, you will be responsible for network-based controls in our multi-cloud and on-premises environment and delivering Security Engineering strategies alongside teammates and partners, aligning with BAT enterprise growth strategy.

You will be a subject matter expert on:

• Designing and implementing secure cloud network architectures that align with industry best practices and meet the organization's security requirements. This includes network segmentation, secure access controls, and secure connectivity between cloud resources.
• Configuring and managing cloud-specific security controls, such as network security groups, virtual private clouds (VPCs), security groups, access control lists (ACLs), and virtual private network (VPN) gateways. Ensuring proper configuration and adherence to security policies and standards.
• Monitoring and analyzing network traffic and logs within the cloud environment to detect and respond to security incidents or potential threats. Implementing network intrusion detection and prevention systems (NIDS/NIPS) and security information and event management (SIEM) solutions for effective monitoring and alerting.
• Implementing and managing robust identity and access controls for cloud resources. This includes designing and configuring role-based access controls (RBAC), multi-factor authentication (MFA), and privileged access management (PAM) for secure access to cloud resources.
• Ensuring compliance with relevant security standards, regulations, and frameworks in the cloud environment. This includes understanding and implementing controls to meet requirements such as GDPR, HIPAA, PCI DSS, and ISO 27001.
• Participating in security incident response activities, investigating, and responding to security incidents or breaches in the cloud environment. Collaborating with cross-functional teams to contain the incident, mitigate the impact, and implement remediation measures.
• Conducting security assessments and vulnerability scans of cloud environments to identify and remediate security vulnerabilities and misconfigurations. Performing regular audits and assessments to ensure ongoing compliance and security of cloud networks.
• Assisting in the development and implementation of cloud security policies, standards, and procedures. Contributing to the cloud security governance framework, risk assessments, and security awareness programs.
• Collaborating with cloud service providers to understand their security offerings, ensure the proper configuration and implementation of security controls, and address any security-related concerns or incidents.
• Leveraging automation tools and scripting languages to streamline and automate security tasks and processes in the cloud environment. This includes scripting security configurations, managing security infrastructure, and integrating security solutions.
• Staying up to date with the latest cloud security trends, emerging threats, and industry best practices. Continuously expanding knowledge and skills through training, certifications, and participation in relevant security communities or forums.

What is the direct impact of this role on the team or organization?

To provide architectural direction to maximize the value from technology innovation in a way that manages the cyber security risk and helps increase compliance, minimizing business disruptions from potential cyber-attacks and data breaches.

Reports to: Global Head of Security Architecture & Engineering

Reporting Level: no direct reports

Geographic Scope: Global

WHAT YOU WILL BE ACCOUNTABLE FOR

• Conducting security assessments, vulnerability scans, and penetration testing of cloud environments to identify and remediate security vulnerabilities, misconfigurations, and potential risks. Performing regular audits and assessments to ensure compliance with security policies and industry regulations.
• Implementing and managing robust identity and access controls for cloud resources, including user access management, role-based access controls (RBAC), multi-factor authentication (MFA), and privileged access management (PAM).
• Monitoring cloud environments for security incidents and responding promptly to security events and breaches. Utilizing security information and event management (SIEM) solutions, log analysis tools, and threat intelligence to detect, investigate, and mitigate security incidents.
• Leveraging automation tools, scripting languages, and cloud-native security services to automate security tasks and processes. This includes security configuration management, incident response workflows, continuous security monitoring, and security policy enforcement.
• Collaborating with cloud service providers to understand their security offerings, evaluate security controls, and ensure the proper implementation and configuration of security measures within the cloud environment. Reviewing and assessing the security posture of cloud providers.
• Providing security education and awareness to cloud users, development teams, and other stakeholders. Promoting security best practices, conducting security training sessions, and fostering a security-conscious culture within the organization.
• Contributing to the development and implementation of cloud security policies, standards, and procedures. Participating in security governance initiatives, risk assessments, and security incident response planning.

ESSENTIAL EXPERIENCE, SKILLS, AND KNOWLEDGE

• Designing, implementing, and maintaining secure cloud network/Zero-Trust architectures.
• Configuring and managing firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
• Collaborating with cross-functional teams to develop and enforce security policies and procedures.
• Zero Trust Network Access/IAM
• Monitoring network traffic for suspicious activities and responding to security breaches.
• Conducting security audits and assessments to ensure compliance with industry standards and regulations.
• Network architecture and design principles.
• Certified Cloud Security Professional (CCSP): Demonstrates expertise in cloud security architecture, design, operations, and service orchestration.
• AWS Certified Security - Specialty: Validates skills in designing and implementing secure applications and infrastructure on the Amazon Web Services (AWS) platform.
• Microsoft Certified: Azure Security Engineer Associate: Focuses on securing Azure cloud environments, including identity and access management, data protection, and threat protection.
• Security technologies and tools (firewalls, IDS/IPS, SIEM, antivirus, etc.).
• Certified Information Systems Security Professional (CISSP): Widely recognized and respected, CISSP demonstrates comprehensive knowledge and experience in various domains of information security.
• 8+ years of relevant professional experience
• Certified Information Security Manager (CISM): Demonstrates expertise in designing and managing enterprise-level security programs and aligning them with business objectives.
• Project Management Methodology

WE ARE BAT

At BAT we are committed to our Purpose of creating A Better Tomorrow. This is what drives our people and our passion for innovation. See what is possible for you at BAT.

• Global Top Employer with 53,000 BAT people across more than 180 markets
• Brands sold in over 200 markets, made in 44 factories in 42 countries
• Newly established Tech Hubs building world-class capabilities for innovation in 4 strategic locations
• Diversity leader in the Financial Times and International Women’s Day Best Practice winner
• Seal Award winner – one of 50 most sustainable companies

BELONGING, ACHIEVING, TOGETHER

Collaboration, diversity, and teamwork underpin everything we do here at BAT. We know that collaborating with colleagues from different backgrounds is what makes us stronger and best prepared to meet our business goals. Come bring your difference!