Job Description

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Qualys is looking for a Senior Cloud Security Analystto strengthen its cloud security posture across OCI, AWS, Azure, and GCP environments. This role will focus on cloud threat detection, security monitoring, posture management, incident response, and automation, working closely with Cloud Operations, DevOps, Network Security, Site Reliability Engineering, Platform Security, and SOC teams.

The ideal candidate brings strong hands-on cloud security experience, deep understanding of cloud-native security controls, and the ability to translate security findings into actionable risk reduction.

Key Responsibilities

Cloud Security Management

• Manage and improve security across cloud platforms (OCI/AWS/Azure/GCP).
• Apply and maintain cloud security baselines and best practices (CIS benchmarks).
• Review and secure cloud architecture designs.
• Ensure secure configurations for cloud services, storage, databases, and networking.

Identity & Access Management

• Manage cloud IAM policies and enforce least‑privilege access.
• Monitor and govern service accounts, roles, and permissions.
• Perform regular access reviews and remove unused privileges.
• Manage encryption keys, secrets, and certificates using cloud KMS or secret vaults.

Data Protection

• Ensure encryption of data at rest and in transit.
• Support data classification, privacy controls, and DLP guardrails.
• Monitor for data exposure risks and prevent unauthorized access.

Threat Detection & Incident Response

• Monitor cloud logs and alerts using SIEM, CSPM, and native cloud tools.
• Investigate cloud security incidents and support incident response efforts.
• Prepare incident reports, root cause analysis, and preventive actions.
• Maintain and improve cloud incident response playbooks.

Vulnerability & Exposure Management

• Run cloud vulnerability scans and misconfiguration checks.
• Track and drive remediation of high‑risk findings.
• Validate patching and follow up with engineering teams.

Governance, Risk & Compliance

• Ensure compliance with standards like CIS, NIST, ISO 27001, SOC 2.
• Support internal and external audits with evidence and documentation.
• Conduct security assessments for new cloud services and integrations.
• Maintain risk registers and track remediation plans.

Monitoring & Logging

• Ensure centralized logging and monitoring for all cloud environments.
• Create dashboards and reports on cloud posture, compliance, and risk.
• Ensure log integrity, retention, and continuous visibility.

Workload Protection

• Secure containers, Kubernetes clusters, and serverless workloads.
• Ensure image scanning, runtime security, and admission policies.
• Implement secure API practices, rate limiting, and authentication controls.

Business Continuity & Resilience

• Validate cloud backup, recovery processes, and DR readiness.
• Review high‑availability configurations and reduce blast radius.
• Maintain break‑glass procedures and monitor usage.

Collaboration & Enablement

• Work with engineering teams to guide them on secure cloud patterns.
• Provide documentation, best practices, and training sessions.
• Mentor junior analysts when needed.

Skills:

• Understanding of cloud platforms like AWS, Azure, Google Cloud, OCI etc., including their services and architecture.
• Skills in designing secure cloud architectures, including network segmentation, data encryption, and disaster recovery strategies.
• Proficiency in managing user identities, permissions, roles, and access controls within cloud environments.
• Ability to set up monitoring tools, analyze security logs, and respond to security incidents promptly.
• Familiarity with cloud-native security services and tools provided by cloud providers (e.g., AWS Security Hub, Azure Security Center).
• Ability to assess security risks, prioritize them based on impact and likelihood, and develop strategies to mitigate them.
• Knowledge of network protocols, firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and other network security concepts.
• Familiarity with encryption algorithms, SSL/TLS protocols, and cryptographic key management for data protection.
• Experience with vulnerability scanning tools, penetration testing methodologies, and patch management processes.
• Knowledge of scripting languages (e.g., Python, PowerShell) and automation tools (e.g., Terraform, Ansible) to automate security tasks and configurations.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CCSK, CCSP and cloud native certifications like AWS, Azure, OCI, GCP are highly desirable.
• Proven track record of designing and implementing complex cloud environments preferably in a cloud security engineer role.
• Experience implementing security controls in cloud environments using tools such as AWS Security Hub, AWS GuardDuty, AWS IAM Analyzer, Azure Security Center, or Azure Defender or Google Cloud Security Command Center or Oracle Cloud Guard.
• Knowledge of industry-standard security frameworks and regulations (e.g., NIST, CIS, GDPR, HIPAA).
• In-depth knowledge of cloud components, IAM, and best practices, including user provisioning, access/policy management, authentication mechanisms
• Familiarity with CSP environments like OCI, AWS, Azure, GCP etc
• Experience with cloud governance processes, cloud security implementation, cloud security monitoring etc.
• Strong problem-solving and analytical skills, with the ability to assess complex cloud requirements, identify gaps, and propose effective solutions.
• Excellent communication and collaboration skills to work effectively with cross-functional teams, stakeholders, and external vendors.
• Strong project management skills to drive cloud initiatives, manage timelines, and deliver successful outcomes.