Responsibilities
- Conduct security evaluations of infrastructure deployed in cloud platforms, container systems, and Kubernetes clusters.
- Analyze Infrastructure as Code templates such as Terraform, Bicep, ARM, Helm, and Kubernetes manifests to detect security flaws and configuration errors.
- Evaluate practices related to CI/CD pipeline security, handling of secrets, encryption methods, logging mechanisms, monitoring setups, and access controls.
- Examine security configurations in Kubernetes and container environments, including workload separation, role-based access controls, network policies, and runtime protection measures.
- Perform follow-up testing to confirm resolution of previously identified issues and validate the strength of applied security controls.
- Document findings with supporting evidence, assess associated risks, and provide practical remediation guidance.
- Assist engineering and architecture teams by offering expert advice on securing infrastructure and applying secure design principles from the outset.