Kerja Sepenuh Masa, AWS Cloud Security Engineer di Hydron Holdings Federal Territory - Maukerja

Job Scope

• AWS Security Operations:
  • Implement and operate AWS-native security services: IAM (least-privilege, SCPs), GuardDuty, Security Hub, WAF, Shield, Macie, Inspector, KMS, Secrets Manager and Config.
  • Own IAM governance — design and enforce least-privilege policies, service control policies (SCPs) and permission boundaries across accounts.
  • Manage KMS key lifecycle, secrets rotation in Secrets Manager and encryption standards for data at rest and in transit.
  • Monitor and tune GuardDuty, Security Hub findings and CloudTrail logs to surface actionable threats.
• Cloud Security Architecture & Hardening:
  • Design and enforce secure network architecture: VPC segmentation, security groups, NACLs, private subnets and traffic inspection.
  • Harden serverless workloads (Lambda, API Gateway) and container workloads (ECS/EKS) against known attack patterns.
  • Define and maintain security baselines and configuration standards across EC2, S3, RDS/Aurora, CloudFront and SQS/SNS.
  • Conduct and support security architecture reviews for new features and infrastructure changes.
• DevSecOps & Vulnerability Management:
  • Embed security controls into CI/CD pipelines: SAST, DAST, SCA, container/image scanning (Trivy, ECR), IaC scanning (Checkov, tfsec) and secrets detection.
  • Manage vulnerability remediation SLAs and patching cadence across all environments.
  • Review and advise on IaC (Terraform, CloudFormation) from a security perspective; flag and remediate misconfigurations.
• Incident Response & Threat Management:
  • Lead triage of security alerts, perform root-cause analysis and drive remediation to closure.
  • Develop, maintain and exercise incident response playbooks and contribute to tabletop exercises.
  • Investigate CloudTrail, VPC Flow Logs and GuardDuty findings to detect and contain threats.
  • Act as the escalation point for production security incidents across all platforms.
• Compliance & Risk Management:
  • Drive and maintain compliance posture for PCI-DSS, ISO 27001 and applicable data protection regulations across G2G, pipwave and OffGamers.
  • Manage evidence collection, control mapping and audit support for internal and external assessments.
  • Maintain AWS Config rules, Security Hub standards and continuous compliance monitoring.
  • Produce regular security posture reports and risk dashboards for stakeholders.

• Experience: Minimum 2–3 years hands-on AWS cloud security in production environments.
• Linux/Unix: Solid working knowledge of Linux/Unix server administration including log analysis, permissions and hardening.
• AWS Security Services: Hands-on with IAM, GuardDuty, Security Hub, WAF, KMS, Secrets Manager, Config and Macie.
• Network Security: VPC design, security groups, NACLs, private networking and traffic segmentation.
• Scripting: Python or Bash for security automation, alerting scripts and remediation workflows.
• Incident Response: Ability to triage security alerts, investigate findings and drive root-cause analysis.
• Compliance: Working knowledge of PCI-DSS and/or ISO 27001 control requirements.
• Communication: Clear written and verbal communication; able to convey security risk to non-technical stakeholders.