Key Responsibilities 1. Security Remediation & Hardening · Identify and remediate vulnerabilities across cloud and on-prem systems · Ensure 100% deployment and effectiveness of endpoint security (EDR/XDR) · Drive patch management for Windows and Linux systems with defined SLAs · Implement secure configuration baselines across environments 2. Cloud Security · Assess and secure environments across AWS, Azure, and GCP · Deploy and manage CSPM tools to continuously monitor misconfigurations · Ensure secure IAM practices, including least privilege and MFA enforcement · Identify and secure publicly exposed assets 3. Identity, Access & Privileged Account Management · Implement and enforce password policies and MFA · Support rollout of Privileged Access Management (PAM) · Review and remediate excessive or risky access permissions 4. Vulnerability Management, Monitoring & Incident Response · Run continuous patching and vulnerability scanning to maintain compliance and security baselines. · Establish logging and monitoring for all critical systems · Integrate systems with SIEM or centralized monitoring platforms · Support incident detection, investigation, and response · Develop and maintain incident response playbooks 5. Automation & Efficiency · Develop automation scripts (PowerShell, Bash, Python) for: o Patch management o System hardening o User and access management · Improve operational efficiency through automation 6. Governance & Documentation · Document security configurations, processes, and standards · Support compliance initiatives (SOC2, ISO 27001, NIST) · Provide regular status reports on risk reduction and control implementation - Required Skills & Experience · Strong experience in Cloud Security (AWS, Azure, GCP) · Hands-on expertise in CSPM tools (AWS Security Hub / GuardDuty, Microsoft Defender for Cloud, Prisma Cloud, or Wiz) · Experience with EDR/XDR solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender) · Vulnerability management tools — Tenable, Qualys, or Rapid7 · Solid knowledge of patch management (Windows & Linux) · Experience with IAM (Active Directory, Azure AD/Entra ID, Okta), MFA, and PAM solutions (e.g., CyberArk, BeyondTrust, Delinea) · Familiarity with SIEM and security monitoring (Splunk, Microsoft Sentinel) · Strong scripting skills (PowerShell, Bash, Python) · Experience with virtualization and hypervisors (VMware, Hyper-V, etc.) · Understanding of security frameworks (NIST, CIS, ISO 27001) - Preferred Qualifications · CEH, CompTIA Security+, or equivalent foundational certification. · Cloud security certifications (AWS Security Specialty, AZ-500, GCP Security Engineer). · Experience handling or responding to security incidents · Exposure to compliance frameworks (SOC2, ISO 27001)