XYB is a leading global fintech company dedicated to transforming and revolutionising the financial services landscape. Through its coreless banking platform and ecosystem, XYB empowers banks and non-banks to provide accessible and comprehensive financial services to individuals and businesses. By combining advanced technology, comprehensive managed services, and fostering collaborative partnerships, XYB accelerates time to value, creates unparalleled growth opportunities, and enables financial institutions to thrive in the rapidly evolving digital era.

Role Overview:

Cloud Security Engineers play a pivotal role in safeguarding XYB digital assets and ensuring the confidentiality, integrity, and availability of information. Their work is essential in addressing the cloud threats, efficient and secure operations of cloud assets and maintaining the security posture of critical applications and assets.  One of the main responsibilities is cultivating a security culture within an organization. Building it involves creating awareness, fostering a sense of responsibility among employees, and promoting best practices throughout the organization.

Your Responsibilities:

• Maintain cloud security infrastructure and support DevOps engineers in establishing a secure, compliant, stable, and highly available setup
• Monitor cloud infrastructure for vulnerabilities, potential improvements, and security design flaws, as well as detect and prevent compromises, unauthorized access, exploitation, and breaches
• Conduct and automate regular security assessments and audits to identify vulnerabilities and weaknesses in cloud infrastructure, networks, and applications
• Collaborate with the IT team to implement access control management, including centralized user authentication, authorization, and Just-In-Time (JIT) privileged access
• Work closely with application owners, database engineers, and developers to integrate security measures into the overall technology infrastructure
• Review and assess the security architecture, collaborate with stakeholders to analyze gaps, and propose architectural changes by persuading product teams and application owners
• Maintain comprehensive documentation of expected security configurations for infrastructure components
• Stay updated on the latest cybersecurity threats, vulnerabilities, and technologies through continuous research and learning.

Our Requirements:

• Strong analytical and problem-solving skills to address security challenges and incidents
• Familiarity with GitOps, DevOps, FinOps, and SecOps principles and practices.
  Solid hands-on experience with AWS or GCP
• Experience with managed Kubernetes clusters (EKS or GKE), including an understanding of security principles for containers and the importance of image hardening
• IaC management with Terraform or OpenTofu is essential, following best practices and creating reusable modular infrastructure code
• Proficiency in configuring and managing cloud-based firewalls (e.g., AWS WAF, GCP NGFW, network firewalls, NACLs)
• Familiarity with AWS native security tools (e.g., GuardDuty, Inspector, Security Hub) or GCP native security tools (e.g., Security Command Centre, GCP DLP, IDS)
• Knowledge of KMS encryption implementation in AWS or GCP
• Experience with secrets management using HashiCorp Vault
• Expertise in IAM (e.g., Identity Center, Cloud Identity, AWS and GCP IAM, Identity
• Aware Proxies) and Just-In-Time (JIT) access principles
• Practical experience with cloud-based SIEM tools or similar cloud-native monitoring solutions (e.g., AWS CloudTrail, Config, CloudWatch, Logging on GCP)
• Security policy development using Policy as Code (PaaC) tools such as OPA, IAM policies, and service control policies
• Vulnerability management using open-source tools and familiarity with container image security
• Experience supporting security assessments, audits, and overseeing penetration testing
• In-depth knowledge of network security principles, protocols, and technologies
• Effective communication skills to convey security concepts to both technical audiences and management
• Proficiency in scripting languages (e.g., Python, Shell) for automating security tasks.

We encourage you to apply if you believe this job opportunity aligns with your experience and ambitions. Please submit your CV, as we look forward to reviewing your application.

XYB is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.