Job Description

Senior Cloud Security Engineer (AWS)

Department Information Technology

Experience 6 to 8 Years

Mandatory Skills AWS Cloud Security Kubernetes/EKS security Terraform

Overview

We are seeking a Senior Cloud Security Engineer to lead the design, implementation, and enforcement of advanced AWS and container security controls under the IC First Global Security Program. This role spans VPC segmentation, firewalls, encryption, DLAP/DLP, EDR, DNS protection, Kubernetes hardening, and virtualization security, with a heavy emphasis on Terraform-driven automation, anomaly detection, and attack prevention at scale. The successful candidate will be instrumental in building global Zero Trust architectures across multi-region AWS deployments, securing EKS/ECS clusters, virtualization workloads, and hybrid integrations while ensuring full alignment with compliance frameworks in regulated financial environments.

Key Responsibilities

1. Network & VPC Segmentation

Design and implement multi-VPC architectures with subnet micro-segmentation and Transit Gateway routing enforcement.

Enforce Zero Trust network segmentation between workloads, users, and external partners.

Apply strict ingress/egress controls with AWS Network Firewall, Security Groups, and NACLs.

2. Firewalling, DNS & Threat Prevention

Deploy AWS Network Firewall with custom Suricata/DPI rulesets.

Apply AWS WAF Advanced Protections for APIs, trading platforms, and client portals.

Harden DNS with Route 53 Resolver DNS Firewall, enforcing global anti-tunneling and anti-spoofing policies.

Define and monitor DLAP/DLP prevention policies to prevent data exfiltration across all workloads.

Integrate EDR (CrowdStrike, SentinelOne) for all EC2, container, and serverless workloads.

3. Encryption & Data Security

Enforce encryption at rest, in transit, and in use (KMS, ACM, HSM, TLS 1.3, Nitro Enclaves).

Automate key lifecycle management and cross-region rotation.

Apply confidential computing protections for financial and trading workloads.

4. Kubernetes & Virtualization Security

Secure EKS, ECS, and Kubernetes clusters with pod-level network policies, RBAC/ABAC, and runtime security.

Implement container image scanning (ECR, third-party registries) and vulnerability management pipelines.

Deploy Kubernetes-native firewalls and admission controllers for Zero Trust enforcement.

Harden virtualized workloads (VMs, WorkSpaces, VMware on AWS) with endpoint monitoring and network micro-segmentation.

Establish runtime anomaly detection for containerized and virtualized workloads (Falco, GuardDuty for EKS, Datadog).

5. Anomaly Detection & Attack Prevention

Implement AI/ML-based anomaly detection for network, DNS, and workload behaviors.

Define preventive playbooks for insider threats, DNS tunneling, and privilege escalation.

Correlate findings from GuardDuty, WIZ, Inspector, and SIEM platforms to predict and prevent attacks.

Lead threat modeling and red team exercises across cloud and container environments.

6. Infrastructure as Code & Automation

Build secure Terraform modules for AWS, Kubernetes, and firewall policies.

Embed compliance-as-code into CI/CD pipelines (OPA, Sentinel).

Automate posture drift detection with Terraform + WIZ/Security Hub integrations.

Drive adoption of GitOps workflows for immutable security deployment.

7. Observability & Incident Response

Design multi-region SIEM dashboards (AWS OpenSearch, CloudWatch, Grafana, Loki).

Integrate ISeeFirst alerting into Jira, Slack, and PagerDuty workflows.

Lead incident response and containment for anomalies in AWS, Kubernetes, and virtualized workloads.

Build automated response pipelines (e.g., isolate compromised containers or VPC subnets automatically).

Qualifications

6-8+ years in Cloud Security Engineering, with AWS specialization.

Deep knowledge of VPC segmentation, subnets, firewalling, and Zero Trust architectures.

Strong expertise in Kubernetes/EKS security (network policies, admission controllers, pod runtime security).

Proven track record implementing EDR, DLAP/DLP, and DNS protection strategies.

Strong experience with Terraform and IaC security automation.

Advanced knowledge of encryption-in-transit, -at-rest, and -in-use (KMS, TLS, Nitro, Enclaves).

Hands-on with SIEM, anomaly detection, and ML-based attack prevention.

Familiarity with compliance frameworks (CIS, NIST 800-53, ISO 27001, SOC2, GDPR, ASIC, ESMA).

Preferred Certifications

AWS Certified Security - Specialty (required)

AWS Solutions Architect - Professional

AWS Advanced Networking - Specialty

Certified Kubernetes Security Specialist (CKS)

HashiCorp Terraform Associate (with security modules focus)

CISSP (Certified Information Systems Security Professional)

CCSP (Certified Cloud Security Professional)

SANS GIAC Cloud Security Certifications (GCSA, GCLD, GDSA)

ISO 27001 Lead Implementer/Auditor (plus for regulatory readiness)

Additional Information

Job location: Kuala Lumpur, Malaysia

Required Qualification

Bachelor of Computer Applications (B.C.A.) ,Bachelor of Computer Science (B.Sc. (Computer Science)) ,Bachelor of Engineering - Bachelor of Technology (B.E./B.Tech.) ,Master of Computer Applications (M.C.A.) ,Master of Engineering - Master of Technology (M.E./M.Tech.) ,

Job Insights: Important Tips to source better

Please prioritize immediate joiners.

Only look for local candidates.

The client may be flexible on compensation for the right candidate.

Questionnaire

Question1 : Years of experience in Terraform and IaC security automation? ?

Question2 : Do you have strong expertise in Kubernetes/EKS security (network policies, admission controllers, pod runtime security)? ?

Question3 : Years of experience in AWS Cloud Security? ?

Job Types: Full-time, Permanent

Pay: RM132,000.00 - RM180,000.00 per year